26 matches found
EUVD-2024-45627
Malicious code in bioql PyPI...
CVE-2024-51827
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Movement Ventures Boombox Shortcode boombox-shortcode allows DOM-Based XSS.This issue affects Boombox Shortcode: from n/a through = 1.0.0...
CVE-2024-12295
The BoomBox Theme Extensions plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.8.0. This is due to the plugin not properly validating a user's identity prior to updating their password through the 'boomboxajaxresetpassword'...
CVE-2024-12295
The BoomBox Theme Extensions plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.8.0. This is due to the plugin not properly validating a user's identity prior to updating their password through the 'boomboxajaxresetpassword'...
CVE-2024-12295 BoomBox Theme Extensions <= 1.8.0 - Authenticated (Subscriber+) Privilege Escalation via Password Reset/Account Takeover in boombox_ajax_reset_password
The BoomBox Theme Extensions plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.8.0. This is due to the plugin not properly validating a user's identity prior to updating their password through the 'boomboxajaxresetpassword'...
CVE-2024-12295 BoomBox Theme Extensions <= 1.8.0 - Authenticated (Subscriber+) Privilege Escalation via Password Reset/Account Takeover in boombox_ajax_reset_password
The BoomBox Theme Extensions plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.8.0. This is due to the plugin not properly validating a user's identity prior to updating their password through the 'boomboxajaxresetpassword'...
CVE-2024-12295
CVE-2024-12295 affects BoomBox Theme Extensions plugin for WordPress (versions up to 1.8.0). The vulnerability allows authenticated attackers with subscriber-level privileges and above to escalate privileges by abusing the boombox_ajax_reset_password function to update arbitrary users’ passwords,...
WordPress plugin BoomBox Theme Extensions 授权问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An authorization issue...
CVE-2024-12859
The BoomBox Theme Extensions plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.8.0 via the 'boomboxlisting' shortcode 'type' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and...
WordPress BoomBox Theme Extensions plugin <= 1.8.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode vulnerability
Authenticated Contributor+ Local File Inclusion via Shortcode vulnerability discovered by István Márton in WordPress Plugin BoomBox Theme Extensions versions = 1.8.0...
CVE-2024-12859 BoomBox Theme Extensions <= 1.8.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode
The BoomBox Theme Extensions plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.8.0 via the 'boomboxlisting' shortcode 'type' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and...
CVE-2024-12859 BoomBox Theme Extensions <= 1.8.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode
The BoomBox Theme Extensions plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.8.0 via the 'boomboxlisting' shortcode 'type' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and...
CVE-2024-12859
CVE-2024-12859 describes a Local File Inclusion vulnerability in the BoomBox Theme Extensions plugin for WordPress (versions up to and including 1.8.0). An authenticated attacker with contributor-level or higher permissions can abuse the boombox_listing shortcode with the type attribute to includ...
WordPress plugin BoomBox Theme Extensions 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...
CVE-2024-51827
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Movement Ventures Boombox Shortcode boombox-shortcode allows DOM-Based XSS.This issue affects Boombox Shortcode: from n/a through = 1.0.0...
CVE-2024-51827 WordPress Boombox Shortcode plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Movement Ventures Boombox Shortcode boombox-shortcode allows DOM-Based XSS.This issue affects Boombox Shortcode: from n/a through = 1.0.0...
CVE-2024-51827 WordPress Boombox Shortcode plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Boombox Boombox Shortcode allows DOM-Based XSS.This issue affects Boombox Shortcode: from n/a through 1.0.0...
CVE-2024-51827
CVE-2024-51827 concerns Boombox Shortcode plugin for WordPress. The connected sources confirm a DOM-based XSS due to improper input neutralization during web page generation, affecting Boombox Shortcode versions n/a through 1.0.0. The vulnerability is categorized as Cross‑Site Scripting with a me...
WordPress plugin Boombox Shortcode 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2024-34954 · Unknown · Boombox Shortcode
Name of the Vulnerable Software and Affected Versions: Boombox Shortcode versions n/a through 1.0.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing DOM-Based XSS. This enables potential attackers to...