5 matches found
CVE-2024-37918
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPCone ConeBlog – WordPress Blog Widgets coneblog-widgets.This issue affects ConeBlog – WordPress Blog Widgets: from n/a through = 1.4.8...
CVE-2024-37918
CVE-2024-37918 affects ConeBlog – WordPress Blog Widgets (ConeBlog Widgets) for WordPress. Described as an stored XSS due to Improper Neutralization of Input During Web Page Generation, impacting ConeBlog Widgets versions from n/a through 1.4.8. The connected records confirm the same vulnerabilit...
WordPress ConeBlog – WordPress Blog Widgets Plugin <= 1.4.7 is vulnerable to Cross Site Scripting (XSS)
Software ConeBlog – WordPress Blog Widgets Type Plugin Vulnerable versions = 1.4.7 Fixed in 1.4.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer WP Cone PSID 46d2d31b4e72 Credits Rafie Muhammad...
CVE-2022-4824
The WP Blog and Widgets WordPress plugin before 2.3.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
WordPress ConeBlog – WordPress Blog Widgets plugin <= 1.4.5 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress ConeBlog – WordPress Blog Widgets plugin versions = 1.4.5. Solution Update the WordPress ConeBlog – WordPress Blog Widgets plugin to the latest available version at least 1.4.6...