18 matches found
EUVD-2025-4550
Malicious code in bioql PyPI...
EUVD-2022-43178
Malicious code in bioql PyPI...
CVE-2022-3838
The WPUpper Share Buttons WordPress plugin through 3.42 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-13883
The WPUpper Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.51. This is due to missing or incorrect nonce validation on the 'savecustomcssrequest' function. This makes it possible for unauthenticated attackers to inject custom...
CVE-2024-13883
The WPUpper Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.51. This is due to missing or incorrect nonce validation on the 'savecustomcssrequest' function. This makes it possible for unauthenticated attackers to inject custom...
CVE-2024-13883
The WPUpper Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.51. This is due to missing or incorrect nonce validation on the 'savecustomcssrequest' function. This makes it possible for unauthenticated attackers to inject custom...
CVE-2024-13883 WPUpper Share Buttons <= 3.51 - Cross-Site Request Forgery to Custom CSS Update
The WPUpper Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.51. This is due to missing or incorrect nonce validation on the 'savecustomcssrequest' function. This makes it possible for unauthenticated attackers to inject custom...
CVE-2024-13883
CVE-2024-13883 affects the WordPress plugin WPUpper Share Buttons (
CVE-2024-13883 WPUpper Share Buttons <= 3.51 - Cross-Site Request Forgery to Custom CSS Update
The WPUpper Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.51. This is due to missing or incorrect nonce validation on the 'savecustomcssrequest' function. This makes it possible for unauthenticated attackers to inject custom...
WordPress plugin WPUpper Share Buttons 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...
WordPress WPUpper Share Buttons plugin <= 3.43 - Missing Authorization vulnerability
Missing Authorization vulnerability discovered by Krzysztof Zając in WordPress Plugin WPUpper Share Buttons versions = 3.43...
WordPress WPUpper Share Buttons Plugin <= 3.43 is vulnerable to Broken Access Control
Software WPUpper Share Buttons Type Plugin Vulnerable versions = 3.43 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-4997 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 7221465742e4 Credits Krzysztof Zając Required...
WPUpper Share Buttons <= 3.43 - Missing Authorization
Description The WPUpper Share Buttons plugin for WordPress is vulnerable to unauthorized access of data when preparing sharing links for posts and pages in all versions up to, and including, 3.43. This makes it possible for unauthenticated attackers to obtain the contents of password protected...
CVE-2022-3838
The WPUpper Share Buttons WordPress plugin through 3.42 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-3838
The CVE-2022-3838 entry concerns the WPUpper Share Buttons WordPress plugin (versions
PT-2022-24397 · WordPress · Wpupper Share Buttons
Name of the Vulnerable Software and Affected Versions: WPUpper Share Buttons WordPress plugin versions 3.42 and earlier Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for...
WordPress plugin WPUpper Share Buttons 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress WPUpper Share Buttons plugin <= 3.42 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting XSS vulnerability discovered by zhangyunpei in WordPress WPUpper Share Buttons plugin versions = 3.42. Solution Deactivate and delete. This plugin has been closed as of November 9, 2022 and is not available for download. This closure is temporary, pending a full...