6611 matches found
CVE-2023-24003
CVE-2023-24003 affects the WP Popups WordPress plugin, specifically versions
CVE-2023-24002 WordPress YouTube Embed, Playlist and Popup by WpDevArt Plugin <= 2.6.3 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPdevart YouTube Embed, Playlist and Popup by WpDevArt plugin <= 2.6.3 versions...
CVE-2023-24002
CVE-2023-24002 affects the WordPress plugin YouTube Embed, Playlist and Popup by WpDevArt, specifically versions up to 2.6.3. The vulnerability is an authenticated (admin+) Stored XSS in the plugin. Root cause details are not expanded beyond the description, but the issue is mitigated by upgradin...
CVE-2023-24006
The CVE-2023-24006 entry affects the WordPress plugin Link Software LLC WP Terms Popup, vulnerable in versions
CVE-2023-23998 WordPress VikRentCar Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J s.R.L. VikRentCar Car Rental Management System plugin <= 1.3.0 versions...
CVE-2023-23980
MailOptin Popup Builder WordPress plugin
CVE-2023-23972
CVE-2023-23972 concerns the WordPress plugin “Social Like Box and Page by WpDevArt” (Smplug-in) up to version 0.8.39. The issue is a stored XSS vulnerability that requires admin+ privileges to exploit. The underlying cause is improper sanitization/escaping in the plugin’s inputs, enabling a high-...
CVE-2023-23815
CVE-2023-23815 affects the WordPress plugin WordPress Multi-column Tag Map (Alan Jackson) versions
POLR URL 2.3.0 - Shortener Admin Takeover
Exploit Title: POLR URL 2.3.0 - Shortener Admin Takeover Date: 2021-02-01 Exploit Author: p4kl0nc4t Vendor Homepage: - Software Link: https://github.com/cydrobolt/polr Version: 2.3.0 Tested on: Linux CVE : CVE-2021-21276 import json import requests payload = 'acctusername': 'admin', 'acctpassword...
CVE-2023-26536
CVE-2023-26536 affects the WordPress plugin “Jonk @ Follow me Darling Spotify Play Button for WordPress” (Spotify Play Button) up to version 2.05. The issue is an authenticated stored XSS via shortcode attributes (contributor+ required) that can output malicious scripts. Patch available in version...
ILIAS < 7.19 Multiple Vulnerabilities
ILIAS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ilias:ilias"; if description...
CVE-2023-23977 WordPress Heateor Social Comments Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS)
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Team Heateor WordPress Social Comments Plugin for Vkontakte Comments and Disqus Comments plugin <= 1.6.1 versions...
CVE-2023-23686
CVE-2023-23686 affects WordPress Simple Staff List plugin versions
CVE-2023-23685
RadiusTheme Portfolio – WordPress Portfolio plugin versions ≤ 2.8.10 are affected by a Stored Cross-Site Scripting (XSS) vulnerability requiring contributor+ authentication. The root cause is an XSS flaw in the plugin’s handling of data stored in the vulnerable path. Impact is XSS in authenticate...
CVE-2022-4934
A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code...
CVE-2023-1671
A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code...
Command injection
A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code...
CVE-2022-4934
Sophos Web Appliance is affected by CVE-2022-4934. A post-auth command injection vulnerability resides in the exception wizard of Sophos Web Appliance versions prior to 4.3.10.4, allowing an administrator to execute arbitrary commands. The underlying issue is described in PT-2023-2216 as a failur...
CVE-2023-1671
A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code. Recent assessments: Assessed Attacker Value: 0...