12 matches found
EUVD-2021-11850
Malware in sbrugna...
EUVD-2022-51776
Malicious code in bioql PyPI...
CVE-2022-4431
The WOOCS WordPress plugin before 1.3.9.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege user...
WordPress WOOCS plugin <= 1.4.1.8 - Unauthenticated Arbitrary Shortcode Execution vulnerability
Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by stealthcopter in WordPress Plugin FOX versions = 1.4.1.8...
CVE-2022-4431
The WOOCS WordPress plugin before 1.3.9.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege user...
CVE-2022-4431
The WOOCS WordPress plugin before 1.3.9.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege user...
CVE-2022-4431 WOOCS < 1.3.9.4 - Contributor+ Stored XSS
The WOOCS WordPress plugin before 1.3.9.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege user...
CVE-2021-25043
The WOOCS WordPress plugin before 1.3.7.3 does not sanitise and escape the customprices parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue...
WOOCS < 1.3.7.3 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the customprices parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue PoC https://example.com/wp-admin/admin-ajax.php?action=woocsgetcustompricehtmlprices=%3Cimg%20src%20onerror=alertXSS%3E...
WordPress WOOCS plugin cross-site scripting vulnerability
WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress WOOCS plugin has a cross-site scripting vulnerability in versions prior to 1.3.7.1, which stems...
CVE-2021-24938
The WOOCS WordPress plugin before 1.3.7.1 does not sanitise and escape the key parameter of the woocsupdateprofilesdata AJAX action available to any authenticated user before outputting it back in the response, leading to a Reflected cross-Site Scripting issue...
Cross site scripting
The WOOCS WordPress plugin before 1.3.7.1 does not sanitise and escape the key parameter of the woocsupdateprofilesdata AJAX action available to any authenticated user before outputting it back in the response, leading to a Reflected cross-Site Scripting issue...