Cross site scripting
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Gautam Thapar Button Builder – Buttons X plugin = 0.8.6 versions...
CVE-2023-23867
CVE-2023-23867: WordPress Button Builder – Buttons X plugin
CVE-2023-32082
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not values) associated with a lease when the Keys parameter is true, even if a user doesn't have read permission to the keys. The impact is limit...
Code injection
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not values) associated with a lease when the Keys parameter is true, even if a user doesn't have read permission to the keys. The impact is limit...
Pentaho Business Server Auth Bypass and Server Side Template Injection RCE
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x, is vulnerable to an authentication bypass (CVE-2022-43939) and a Server Side Template Injection (SSTI) vulnerability (CVE-2022-43769) that can be chained together to achieve unauthenticated code...
CVE-2023-32082 etcd key name can be accessed via LeaseTimeToLive API
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not values) associated with a lease when the Keys parameter is true, even if a user doesn't have read permission to the keys. The impact is limit...
CVE-2023-22720
CVE-2023-22720 affects the WordPress plugin WP Links Page by Robert Macchi. Versions ≤ 4.9.3 are vulnerable to a Stored XSS due to inadequate input handling. The vulnerability impact is described in the CVE as cross-site scripting, with a Patchstack entry noting the fix in version 4.9.4. No expl...
CVE-2023-2490
CVE-2023-2490 affects the WordPress plugin UserAgent-Spy (Fernando Briano)
PT-2023-22606 · Webkil · Webkul Qloapps
Name of the Vulnerable Software and Affected Versions: Webkil QloApps version 1.5.2 Description: A Cross Site Scripting issue allows a remote attacker to obtain sensitive information via the back and email create parameters in the AuthController.php file. Recommendations: For Webkil QloApps versi...
CVE-2022-47606 WordPress WP-CORS Plugin <= 0.2.1 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tim Stephenson WP-CORS plugin <= 0.2.1 versions...
CVE-2022-27856
CVE-2022-27856 is a stored XSS vulnerability in the WordPress Atlas Gondal Export All URLs plugin, affecting versions
CVE-2022-47423
CVE-2022-47423 pertains to the WordPress WP-dTree plugin, affected versions are ≤ 4.4.5. The root cause is a Stored XSS flaw in plugin settings due to insufficient sanitization/escaping, allowing admin+ users to inject malicious content. Public sources corroborate admin-level exposure and note th...
CVE-2022-47436
CVE-2022-47436 is a Stored XSS affecting the WordPress plugin Yatra (Best Travel Booking WordPress Plugin) by MantraBrain. Public details confirm the vulnerability exists in Yatra versions through 2.1.14 and that a fix is available in version 2.1.15. The root cause is improper neutralization of i...
CVE-2023-30746
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Booqable Rental Software Booqable Rental plugin = 2.4.15 versions...
CVE-2023-22696
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Custom4Web Affiliate Links Lite plugin = 2.5 versions...
CVE-2022-33961
CVE-2022-33961 is an admin+ authenticated Stored XSS in the WordPress YellowPencil Visual CSS Style Editor plugin (
CVE-2022-32970 WordPress Themify Portfolio Post Plugin <= 1.2.4 is vulnerable to Cross Site Scripting (XSS)
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Themify Themify Portfolio Post plugin <= 1.2.4 versions...
CVE-2023-24418
CVE-2023-24418 affects the WordPress plugin Tiny carousel horizontal slider plus (admin+). The vulnerability is a Stored Cross-Site Scripting (XSS) in versions
CVE-2023-23786
CVE-2023-23786 concerns the WordPress affiliate-toolkit plugin from Christof Servit, with a Stored XSS issue exploitable by users with Editor+ permissions in versions