2673 matches found
PT-2024-19269 · WordPress · Button Contact Vr Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: The Button contact VR WordPress plugin versions through 4.7 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because some settings are not properly sanitised...
WordPress plugin Button contact VR security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPress...
Tools for Humanity: [Meetup][World ID][OIDC] Insufficient Filtering of "state" Parameter in Response Mode form_post leads to XSS and ATO
A lack of proper validation in the state parameter of the World ID OIDC authentication logic allowed the injection of HTML characters into the response body when using form_post as the OIDC response mode. This vulnerability was mitigated by the Content Security Policy (CSP)...
xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer
A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leadin...
xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions
A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved...
CentOS 8 : xorg-x11-server-Xwayland (CESA-2024:2996)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2024:2996 advisory. - An out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data...
CVE-2024-4700
The WP Table Builder – WordPress Table Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button element in all versions up to, and including, 1.4.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to...
PT-2024-32332 · WordPress · Wp Table Builder
Name of the Vulnerable Software and Affected Versions: The WP Table Builder – WordPress Table Plugin versions up to, and including, 1.4.14 Description: The issue is related to Stored Cross-Site Scripting via the button element due to insufficient input sanitization and output escaping. This allow...
PT-2024-32315 · WordPress · Testimonial Carousel For Elementor
Name of the Vulnerable Software and Affected Versions: Testimonial Carousel For Elementor plugin for WordPress versions up to, and including, 10.1.1 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticat...
CVE-2024-4702
The Mega Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...
CVE-2024-4702 Mega Elements <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget
The Mega Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...
WordPress Mega Elements plugin <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget vulnerability discovered by stealthcopter in WordPress Plugin Mega Elements versions <= 1.2.1...
WordPress plugin Mega Elements security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress plugin Themify Shortcodes security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability exists in the WordPress plugi...
OESA-2024-1548 xorg-x11-server-xwayland security update
Xwayland is an X server for running X clients under Wayland. Security Fixes: A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information. CVE-2023-6478 A...
WordPress Themify Shortcodes plugin <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via themify_button Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via themify_button Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Themify Shortcodes versions <= 2.0.9...
CVE-2024-29210
A local privilege escalation (LPE) vulnerability has been identified in Phish Alert Button for Outlook (PAB), specifically within its configuration management functionalities. This vulnerability allows a regular user to modify the application's configuration file to redirect update checks to an...
CVE-2024-29209
A medium severity vulnerability has been identified in the update mechanism of the Phish Alert Button for Outlook, which could allow an attacker to remotely execute arbitrary code on the host machine. The vulnerability arises from the application's failure to securely verify the authenticity and...