303 matches found
PT-2024-16878 · WordPress · Gd Bbpress Attachments
Name of the Vulnerable Software and Affected Versions: GD bbPress Attachments plugin for WordPress versions up to, and including, 4.7.2 Description: The issue arises from the use of add query arg without proper escaping on the URL, leading to Reflected Cross-Site Scripting. This allows...
WordPress GD bbPress Attachments plugin <= 4.7.2 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Colin Xu in WordPress Plugin GD bbPress Attachments versions = 4.7.2...
WordPress GD bbPress Attachments Plugin <= 4.7.2 is vulnerable to Cross Site Scripting (XSS)
Software GD bbPress Attachments Type Plugin Vulnerable versions = 4.7.2 Fixed in 4.7.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11278 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 3fddb2474371 Credits Colin Xu...
PT-2024-39922 · WordPress · The Bbp Core
Name of the Vulnerable Software and Affected Versions: The BBP Core – Expand bbPress powered forums with useful features plugin for WordPress versions 1.2.5 and earlier Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg without appropriate escaping...
CVE-2024-37485
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Vinny Alves UseStrict Consulting bbPress Notify allows Reflected XSS.This issue affects bbPress Notify: from n/a through 2.18.3...
CVE-2024-37485
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Vinny Alves UseStrict Consulting bbPress Notify allows Reflected XSS.This issue affects bbPress Notify: from n/a through 2.18.3...
CVE-2024-37485 WordPress bbPress Notify (No-Spam) plugin <= 2.18.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Vinny Alves UseStrict Consulting bbPress Notify allows Reflected XSS.This issue affects bbPress Notify: from n/a through 2.18.3...
CVE-2024-37485 WordPress bbPress Notify (No-Spam) plugin <= 2.18.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Vinny Alves UseStrict Consulting bbPress Notify allows Reflected XSS.This issue affects bbPress Notify: from n/a through 2.18.3...
PT-2024-27594 · Unknown · Bbpress Notify
Name of the Vulnerable Software and Affected Versions: bbPress Notify versions 2.18.3 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS. Recommendations: For bbPress...
WordPress bbPress Notify (No-Spam) plugin <= 2.18.3 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin bbPress Notify versions = 2.18.3...
WordPress bbPress Notify Plugin <= 2.18.3 is vulnerable to Cross Site Scripting (XSS)
Software bbPress Notify Type Plugin Vulnerable versions = 2.18.3 Fixed in 2.18.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37485 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 64ebe76096fa Credits Dimas Maulana Required privileg...
Exploit for CVE-2024-3293
CVE-2024-3293-Poc rtMedia for WordPress, BuddyPress and bbPre...
WordPress rtMedia for WordPress, BuddyPress and bbPress plugin <= 4.6.18 - Authenticated (Subscriber+) SQL Injection vulnerability
Authenticated Subscriber+ SQL Injection vulnerability discovered by WordFence in WordPress Plugin rtMedia for WordPress, BuddyPress and bbPress versions = 4.6.18...
WordPress rtMedia for WordPress, BuddyPress and bbPress Plugin <= 4.6.18 is vulnerable to SQL Injection
Software rtMedia for WordPress, BuddyPress and bbPress Type Plugin Vulnerable versions = 4.6.18 Fixed in 4.6.19 OWASP Top 10 A1: Injection Classification SQL Injection CVE N/A Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 8c202745894f Credits WordFence Required privile...
CVE-2024-3293 rtMedia for WordPress, BuddyPress and bbPress <= 4.6.18 - Authenticated (Contributor+) SQL Injection via rtmedia_gallery Shortcode
The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to blind SQL Injection via the rtmediagallery shortcode in all versions up to, and including, 4.6.18 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...
CVE-2024-3293
The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to blind SQL Injection via the rtmediagallery shortcode in all versions up to, and including, 4.6.18 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...
CVE-2024-3293
The RTMedia plugin for WordPress (rtMedia for WordPress, BuddyPress and bbPress) contains a blind SQL Injection in the rtmedia_gallery shortcode in all versions up to 4.6.18, due to insufficient escaping of user input and lack of proper SQL query preparation. Authenticated attackers with contribu...
WordPress rtMedia for WordPress, BuddyPress and bbPress Plugin <= 4.6.18 is vulnerable to SQL Injection
Software rtMedia for WordPress, BuddyPress and bbPress Type Plugin Vulnerable versions = 4.6.18 Fixed in 4.6.19 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3293 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 7b7bd27ebebe Credits Krzysztof Zając...
WordPress plugin rtMedia for WordPress, BuddyPress and bbPress 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
rtMedia for WordPress, BuddyPress and bbPress < 4.6.19 - Authenticated (Contributor+) SQL Injection via rtmedia_gallery Shortcode
Description The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to blind SQL Injection via the rtmediagallery shortcode in all versions up to, and including, 4.6.18 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...