2673 matches found

Cvelist
added 2024/04/26 5:0 a.m. · 21 views

CVE-2024-2908 Call Now Button < 1.4.7 - Admin+ Stored XSS

The Call Now Button WordPress plugin before 1.4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

AI score 5.5 · EPSS 0.0067
Exploits 2 · References 1
Patchstack
added 2024/04/26 12:0 a.m. · 9 views

WordPress Call Now Button Plugin < 1.4.7 is vulnerable to Cross Site Scripting (XSS)

Software: Call Now Button; Type: Plugin; Vulnerable versions: < 1.4.7; Fixed in: 1.4.7; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2908; Patch priority: Low; CVSS severity: Low (5.9); PSID: 1848a4a46e87; Credits: Dikshita Trivedi...

CVSS 4.3 · AI score 5.7 · EPSS 0.0067
Exploits 2 · References 3 · Affected Software 1
Positive Technologies
added 2024/04/26 12:0 a.m. · 4 views

PT-2024-22706 · WordPress · Call Now Button

Name of the Vulnerable Software and Affected Versions: The Call Now Button WordPress plugin versions prior to 1.4.7. Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed, for examp...

CVSS 4.3 · AI score 7.9 · EPSS 0.0067
Exploits 2 · References 4
CNNVD
added 2024/04/26 12:0 a.m. · 2 views

WordPress plugin Call Now Button security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the WordPre...

CVSS 4.3 · AI score 8.5 · EPSS 0.0067
Exploits 2 · References 2
OSV
added 2024/04/25 5:26 p.m. · 3 views

SUSE-SU-2024:1437-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 115.10.1. Security fixes MFSA 2024-20 (bsc#1222535): CVE-2024-3852: GetBoundName in the JIT returned the wrong object (bmo#1883542); CVE-2024-3854: Out-of-bounds-read after mis-optimized switch statement...

CVSS 9.8 · AI score 9.3 · EPSS 0.00847
Exploits 2 · References 11
Cvelist
added 2024/04/24 10:8 a.m. · 18 views

CVE-2024-32722 WordPress Coupon & Discount Code Reveal Button plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Coupon & Discount Code Reveal Button allows Stored XSS. This issue affects Coupon & Discount Code Reveal Button: from n/a through 1.2.5...

CVSS 5.9 · AI score 6 · EPSS 0.00339
Exploits 0 · References 1
Vulnrichment
added 2024/04/24 10:8 a.m. · 13 views

CVE-2024-32722 WordPress Coupon & Discount Code Reveal Button plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Coupon & Discount Code Reveal Button allows Stored XSS. This issue affects Coupon & Discount Code Reveal Button: from n/a through 1.2.5...

CVSS 5.9 · AI score 6.9 · EPSS 0.00339
Exploits 0 · References 1
Positive Technologies
added 2024/04/24 12:0 a.m. · 4 views

PT-2024-24810 · Unknown · Coupon & Discount Code Reveal Button

Name of the Vulnerable Software and Affected Versions: Coupon & Discount Code Reveal Button versions 1.2.5 and earlier Description: The issue is related to improper neutralization of input during web page generation, which leads to a Stored XSS vulnerability. This allows for the storage of...

CVSS 5.9 · AI score 5.8 · EPSS 0.00339
Exploits 0 · References 2
Veracode
added 2024/04/23 7:13 a.m. · 14 views

Cross-site Scripting (XSS)

LibreNMS is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of the Service template name, which is reflected in the delete button's onclick event. This allows malicious JavaScript code to be stored and executed...

CVSS 7.1 · AI score 6.9 · EPSS 0.34128
Exploits 1 · References 5 · Affected Software 1
Patchstack
added 2024/04/23 2:50 a.m. · 2 views

WordPress Exclusive Addons for Elementor plugin <= 2.6.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget vulnerability discovered by wesley wcraft in WordPress Plugin Exclusive Addons Elementor (versions <= 2.6.9.3)...

CVSS 6.4 · AI score 5.8 · EPSS 0.0032
Exploits 0 · References 1 · Affected Software 1
Github Security Blog
added 2024/04/22 6:37 p.m. · 17 views

LibreNMS uses Improper Sanitization on Service template name leads to Stored XSS

Summary: There is improper sanitization on the Service template name, which is reflected in the delete button onclick event. This value can be modified and crafted as any other JavaScript code. Vulnerable Code...

CVSS 7.1 · AI score 6.9 · EPSS 0.34128
Exploits 1 · References 5 · Affected Software 1
OSV
added 2024/04/22 6:37 p.m. · 17 views

GHSA-72M9-7C8X-PMMW LibreNMS uses Improper Sanitization on Service template name leads to Stored XSS

Summary: There is improper sanitization on the Service template name, which is reflected in the delete button onclick event. This value can be modified and crafted as any other JavaScript code. Vulnerable Code...

CVSS 7.1 · AI score 6 · EPSS 0.34128
Exploits 1 · References 5
Patchstack
added 2024/04/22 12:17 p.m. · 4 views

WordPress Coupon & Discount Code Reveal Button plugin <=1.2.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by emad Patchstack Alliance in WordPress Plugin Coupon & Discount Code Reveal Button (versions <= 1.2.5)...

CVSS 5.9 · AI score 6.2 · EPSS 0.00339
Exploits 0 · Affected Software 1
CNNVD
added 2024/04/20 12:0 a.m. · 2 views

WordPress Plugin ShopLentor security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 6.4 · AI score 6 · EPSS 0.0032
Exploits 0 · References 3
Positive Technologies
added 2024/04/20 12:0 a.m. · 4 views

PT-2024-16372 · WordPress · The Shoplentor – Woocommerce Builder For Elementor & Gutenberg +10 Modules – All In One Solution

Name of the Vulnerable Software and Affected Versions: The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution plugin for WordPress versions up to, and including, 2.8.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's...

CVSS 6.4 · AI score 6 · EPSS 0.0032
Exploits 0 · References 5
OSV
added 2024/04/19 2:15 a.m. · 6 views

CVE-2024-3598

The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

CVSS 5.4 · AI score 6 · EPSS 0.00323
Exploits 0 · References 2
CNNVD
added 2024/04/19 12:0 a.m. · 1 views

WordPress Plugin ElementsKit Pro security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 6.4 · AI score 5.7 · EPSS 0.00323
Exploits 0 · References 3
Positive Technologies
added 2024/04/18 12:0 a.m. · 3 views

PT-2024-26818 · WordPress · Elementskit Pro

Name of the Vulnerable Software and Affected Versions: ElementsKit Pro plugin for WordPress versions up to, and including, 3.6.0 Description: The issue is related to Stored Cross-Site Scripting in the Creative Button widget due to insufficient input sanitization and output escaping on user-suppli...

CVSS 6.4 · AI score 5.9 · EPSS 0.00323
Exploits 0 · References 5
Patchstack
added 2024/04/15 1:16 p.m. · 4 views

WordPress Simple Buttons Creator plugin <= 1.04 - Arbitrary Button Deletion via CSRF vulnerability

Arbitrary Button Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Simple Buttons Creator (versions <= 1.04)...

CVSS 4.8 · AI score 8.6 · EPSS 0.00192
Exploits 2 · References 1 · Affected Software 1
Cvelist
added 2024/04/15 5:0 a.m. · 33 views

CVE-2024-2858 Simple Buttons Creator <= 1.04 - Arbitrary Button Deletion via CSRF

The Simple Buttons Creator WordPress plugin through 1.04 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

AI score 6.7 · EPSS 0.00192
Exploits 2 · References 1