11 matches found
WordPress plugin Simple Folio 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...
PT-2025-33458 · WordPress · Elink – Embed Content
Name of the Vulnerable Software and Affected Versions: elink – Embed Content plugin for WordPress versions up to and including 1.1.0 Description: The elink – Embed Content plugin for WordPress is susceptible to malicious redirection due to insufficient restriction of URLs supplied through the eli...
PT-2025-7804 · Benner · Benner Modernanet
Name of the Vulnerable Software and Affected Versions: Benner ModernaNet versions 1.1.0 and earlier Description: A critical issue has been found in Benner ModernaNet, affecting an unknown part of the file...
PT-2025-3227 · Unknown · Gs Coaches
Name of the Vulnerable Software and Affected Versions: GS Coaches versions 1.1.0 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This stored XSS vulnerability is present in GS Plugins GS Coaches,...
WordPress Support SVG Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)
Software Support SVG Type Plugin Vulnerable versions = 1.1.0 Fixed in 1.1.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11091 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 7d70333b5396 Credits Francesco Carlucci Required...
WordPress PDF Viewer Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)
Software PDF Viewer Type Plugin Vulnerable versions = 1.1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-4367 Patch priority Low CVSS severity Low 4 Developer Claim ownership PSID d7d95e288520 Credits Yudistira Arya Required privilege Author Publish...
PT-2024-25549 · Macho Themes · Machothemes Cpo Companion
Name of the Vulnerable Software and Affected Versions: MachoThemes CPO Companion versions 1.1.0 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker ca...
WordPress Essential Blocks Pro Plugin <= 1.1.0 is vulnerable to PHP Object Injection
Software Essential Blocks Pro Type Plugin Vulnerable versions = 1.1.0 Fixed in 1.1.1 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-4386 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID b459be820fbe Credits Marco Wotschka Required privilege...
WordPress 1 Click Close Store Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)
Software 1 Click Close Store Type Plugin Vulnerable versions = 1.1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5d6ea0096ad8 Credits Rafie Muhammad Patchstack...
egg-html-purify (>=1.0.0 <=1.0.2), think-purify (>=1.0.0 <=1.1.4) potentially affected by unknown CVE via html-purify (=1.1.0)
html-purify NPM version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on html-purify and may be impacted: - egg-html-purify =1.0.0, =1.0.0, =1.1.4 Source cves: unknown CVE Source advisory: OSV:GHSA-5P28-63MC-CGR9...
Ferdows CMS Pro 1.1.0 - Multiple Vulnerabilities
Ferdows CMS Pro 1.1.0 - Multiple Vulnerabilities www.BugReport.ir AmnPardaz Security Research Team Title: Ferdows CMS Pro =1.1.0 Multiple Vulnerabilities Vendor: www.fcms.ir Exploit: Available Vulnerable Version: 1.1.0 Pro Impact: Medium Original Advisory: http://www.bugreport.ir/index77.htm Fix:...