27 matches found
EUVD-2023-31189
Malicious code in bioql PyPI...
CVE-2023-1373
The W4 Post List WordPress plugin before 2.4.6 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting...
CVE-2023-27413
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Shazzad Hossain Khan W4 Post List plugin <= 2.4.4 versions...
Cross site scripting
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Shazzad Hossain Khan W4 Post List plugin <= 2.4.4 versions...
CVE-2023-27413
CVE-2023-27413 affects WordPress W4 Post List plugin versions
CVE-2023-27413 WordPress W4 Post List Plugin <= 2.4.4 is vulnerable to Cross Site Scripting (XSS)
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Shazzad Hossain Khan W4 Post List plugin <= 2.4.4 versions...
CVE-2023-1373
The W4 Post List WordPress plugin before 2.4.6 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting...
CVE-2023-1371
The W4 Post List WordPress plugin before 2.4.6 does not ensure that password protected posts can be accessed before displaying their content, which could allow any authenticated users to access them...
CVE-2023-0374
The W4 Post List WordPress plugin before 2.4.6 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Cross site scripting
The W4 Post List WordPress plugin before 2.4.6 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-1371 W4 Post List < 2.4.6 - Subscriber+ Password Protected Post Content Disclosure
The W4 Post List WordPress plugin before 2.4.6 does not ensure that password protected posts can be accessed before displaying their content, which could allow any authenticated users to access them...
CVE-2023-1371
CVE-2023-1371 affects the W4 Post List WordPress plugin prior to version 2.4.6. The vulnerability arises because the plugin does not properly enforce access controls for password-protected posts before displaying their content, potentially allowing any authenticated user (Subscriber level) to vie...
CVE-2023-1373 W4 Post List < 2.4.6 - Reflected XSS
The W4 Post List WordPress plugin before 2.4.6 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting...
CVE-2023-1373
The CVE-2023-1373 entry concerns the WordPress plugin W4 Post List, affected up to version 2.4.6. The root cause is insufficient escaping of URLs output in HTML attributes, leading to a reflected XSS vulnerability. Impact is described as Reflected Cross-Site Scripting with low confidentiality/int...
CVE-2023-0374 W4 Post List < 2.4.6 - Contributor+ Stored XSS
The W4 Post List WordPress plugin before 2.4.6 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...