116 matches found
WordPress plugin Icon Widget 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
PT-2024-18481 · WordPress · Icon Widget
Name of the Vulnerable Software and Affected Versions: Icon Widget plugin for WordPress versions up to, and including, 1.3.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's shortcodes due to insufficient input sanitization and output escaping on user-supplied...
WordPress plugin All-in-one Like Widget 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...
CVE-2024-0711
The Buttons Shortcode and Widget WordPress plugin through 1.16 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
CVE-2024-0951
The Advanced Social Feeds Widget & Shortcode WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...
CVE-2024-24930 WordPress Buttons Shortcode and Widget Plugin <= 1.16 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in OTWthemes.Com Buttons Shortcode and Widget allows Stored XSS.This issue affects Buttons Shortcode and Widget: from n/a through 1.16...
CVE-2023-47813
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in grandslambert Better RSS Widget plugin = 2.8.1 versions...
CVE-2023-47813
CVE-2023-47813 relates to the WordPress plugin Better RSS Widget (
CVE-2023-47813 WordPress Better RSS Widget Plugin <= 2.8.1 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in grandslambert Better RSS Widget plugin = 2.8.1 versions...
CVE-2023-46075
Unauth. Reflected Cross-Site Scripting XSS vulnerability in wpdevart Contact Form Builder, Contact Widget plugin = 2.1.6 versions...
CVE-2023-46075
CVE-2023-46075 describes an unauthenticated, reflected Cross-Site Scripting (XSS) in the WordPress plugin set of wpdevart Contact Form Builder and Contact Widget, listed as vulnerable up to version 2.1.6 (and up to 2.1.7 per Patchstack). The vulnerability path enables injection of scriptcode that...
CVE-2023-45628
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in QROkes QR Twitter Widget plugin = 0.2.3 versions...
Cross site scripting
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in QROkes QR Twitter Widget plugin = 0.2.3 versions...
CVE-2015-10124
CVE-2015-10124 affects the WordPress plugin Most Popular Posts Widget Plugin (versions up to 0.8). The vulnerability resides in the functions.php, in add_views/show_views, enabling SQL injection that can be exploited remotely. Upgrading to version 0.9 addresses the issue (patch: a99667d11ac8d3200...
PT-2023-10301 · WordPress · Most Popular Posts Widget Plugin
Name of the Vulnerable Software and Affected Versions: Most Popular Posts Widget Plugin versions up to 0.8 Description: A critical issue has been found in the Most Popular Posts Widget Plugin, affecting the add views/show views function of the functions.php file. This issue leads to sql injection...
CVE-2023-5063
The Widget Responsive for Youtube plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'youtube' shortcode in versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2023-24397
CVE-2023-24397 affects the WordPress plugin Reservation.Studio widget (versions
CVE-2023-24397 WordPress Reservation.Studio widget Plugin <= 1.0.11 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Reservation.Studio Reservation.Studio widget plugin = 1.0.11 versions...
PT-2023-19558 · Unknown · Reservation.Studio
Name of the Vulnerable Software and Affected Versions: Reservation.Studio Reservation.Studio widget plugin versions 1.0.11 and earlier Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. Recommendations: For...
CVE-2023-23877
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in bkmacdaddy designs Pinterest RSS Widget plugin = 2.3.1 versions...