13 matches found
CVE-2024-9350
The DPD Baltic Shipping plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'searchvalue' parameter in all versions up to, and including, 1.2.83 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2024-9350
The DPD Baltic Shipping plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'searchvalue' parameter in all versions up to, and including, 1.2.83 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2024-9350
CVE-2024-9350 (DPD Baltic Shipping, WordPress) Reflected Cross-Site Scripting via the search_value parameter in all versions up to and including 1.2.83. Root cause: insufficient input sanitization and output escaping. Impact: unauthenticated attackers can inject scripts into pages that execute if...
CVE-2024-9350 DPD Baltic Shipping <= 1.2.83 - Reflected Cross-Site Scripting
The DPD Baltic Shipping plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'searchvalue' parameter in all versions up to, and including, 1.2.83 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
WordPress plugin DPD Baltic Shipping 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A cross-site scripting...
WordPress DPD Baltic Shipping plugin <= 1.2.83 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin DPD Baltic Shipping versions = 1.2.83...
WordPress DPD Baltic Shipping Plugin <= 1.2.83 is vulnerable to Cross Site Scripting (XSS)
Software DPD Baltic Shipping Type Plugin Vulnerable versions = 1.2.83 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9350 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6c5aa369cd88 Credits vgo0 Required...
PT-2024-39585 · WordPress · Dpd Baltic Shipping
Name of the Vulnerable Software and Affected Versions: DPD Baltic Shipping plugin for WordPress versions up to, and including, 1.2.83 Description: The issue is related to Reflected Cross-Site Scripting via the search value parameter due to insufficient input sanitization and output escaping. This...
CVE-2022-3999
The DPD Baltic Shipping WordPress plugin before 1.2.57 does not have authorisation and CSRF in an AJAX action, which could allow any authenticated users, such as subscriber to delete arbitrary options from the blog, which could make the blog unavailable...
CVE-2022-3999
The DPD Baltic Shipping WordPress plugin before 1.2.57 does not have authorisation and CSRF in an AJAX action, which could allow any authenticated users, such as subscriber to delete arbitrary options from the blog, which could make the blog unavailable...
Cross site request forgery (csrf)
The DPD Baltic Shipping WordPress plugin before 1.2.57 does not have authorisation and CSRF in an AJAX action, which could allow any authenticated users, such as subscriber to delete arbitrary options from the blog, which could make the blog unavailable...
CVE-2022-3999
Affected software: DPD Baltic Shipping WordPress plugin. Vulnerable: versions prior to 1.2.57, due to missing authorization and CSRF protection in an AJAX action. Impact: any authenticated user (e.g., subscriber) could delete arbitrary options, potentially rendering the blog unavailable. Remediat...
WordPress WooCommerce Shipping - DPD baltic plugin <= 1.2.8 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Lana Codes in WordPress WooCommerce Shipping - DPD baltic plugin versions = 1.2.8. Solution Update the WordPress DPD Baltic Shipping plugin to the latest available version at least 1.2.11...