10 matches found
EUVD-2026-20842
The Ziggeo plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.1.1. The wpajaxziggeoajax handler only verifies a nonce checkajaxreferer but performs no capability checks via currentusercan. Furthermore, the nonce 'ziggeoajaxnonce' is exposed to all...
CVE-2026-4124
CVE-2026-4124 concerns the Ziggeo WordPress plugin (versions ≤ 3.1.1). The vulnerability arises in the wp_ajax_ziggeo_ajax handler, which only checks a nonce (check_ajax_referer) and lacks capability checks via current_user_can(). The nonce ziggeo_ajax_nonce is exposed to all logged-in users thro...
CVE-2026-4124 Ziggeo <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via 'ziggeo_ajax' AJAX Action
The Ziggeo plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.1.1. The wpajaxziggeoajax handler only verifies a nonce checkajaxreferer but performs no capability checks via currentusercan. Furthermore, the nonce 'ziggeoajaxnonce' is exposed to all...
EUVD-2025-4541
Malicious code in bioql PyPI...
CVE-2024-12452
The Ziggeo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ziggeoevent' shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...
CVE-2024-12452
The Ziggeo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ziggeoevent' shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...
CVE-2024-12452 Ziggeo <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Ziggeo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ziggeoevent' shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...
CVE-2024-12452
The CVE-2024-12452 entry affects the Ziggeo WordPress plugin (all versions up to and including 3.1). It is a Stored Cross-Site Scripting vulnerability exposed by improper input sanitization and output escaping in the ziggeo_event shortcode, allowing authenticated attackers with contributor-level ...
CVE-2024-12452 Ziggeo <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Ziggeo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ziggeoevent' shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...
WordPress Ziggeo plugin <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin Ziggeo versions = 3.1...