WordPress Easy PayPal Buy Now Button Plugin <= 1.8.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Easy PayPal Buy Now Button
Type: Plugin
Vulnerable versions: <= 1.8.3
Fixed in: 1.9
OWASP Top 10: A1: Broken Access Control
Classification: Cross Site Request Forgery (CSRF)
CVE: CVE-2024-1719
Patch priority: Low
CVSS severity: Low (4.3)
PSID: f03172222f7e
Credits: Krzysztof...
WordPress Plugin Easy PayPal & Stripe Buy Now Button Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform written in PHP that runs on servers with PHP and MySQL and supports personal blogs. A WordPress plugin is an application...
WordPress Plugin Easy PayPal & Stripe Buy Now Button Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform written in PHP that runs on servers with PHP and MySQL and supports personal blogs. A WordPress plugin is an...
Elementor Addon Elements < 1.13 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the 'button1icon' attribute of the Dual Button widget due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrar...
SuperCali 1.1.0 Cross Site Scripting
Exploit Title: SuperCali Version 1.1.0 - Reflected XSS
Date: 2024-23-02
Exploit Author: tmrswrr
Vendor Homepage: https://supercali.inforest.com
Version: 1.1.0
Tested on: https://softaculous.com/demos/supercali
1. Go to the admin login URL: https://127.0.0.1/SuperCali/login.php
2. Write your payload...
CVE-2024-1590
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Widget in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...
CVE-2024-1590
CVE-2024-1590 affects the WordPress Page Builder Pagelayer plugin (versions up to and including 1.8.2). The vulnerability is a Stored XSS in the Button Widget due to insufficient input sanitization and output escaping on user-supplied attributes. With contributor-level (or higher) authentication,...
Page Builder < 1.8.3 - Contributor+ Stored XSS
Description: The plugin does not validate and escape some of its Button Widget options before outputting them back into the page/post where the widget is embedded, which could allow users with the Contributor role and above to perform Stored Cross-Site Scripting attacks...
PT-2024-18154 · Pagelayer · Pagelayer
Name of the Vulnerable Software and Affected Versions: Pagelayer versions up to, and including, 1.8.2
Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the Button Widget of the Pagelayer plugin. This allows authenticated attacker...
Dotclear 2.29 Cross Site Scripting Vulnerability
Exploit Title: Dotclear Version 2.29 - Reflected XSS
Exploit Author: tmrswrr
Vendor Homepage: https://dotclear.org/
Version: 2.29
Tested on: https://softaculous.com/demos/dotclear
1. Enter the admin panel, then write this payload in the search button: "
2...
CVE-2023-40111
In setMediaButtonReceiver of MediaSessionRecord.java, there is a possible way to send a pending intent on behalf of systemserver due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2024-1157
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button URL in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and...
WordPress Plugin Bold Page Builder Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform written in PHP; it supports personal blog sites on servers with PHP and MySQL. A WordPress plugin is an extension for that platform. A security vulnerability exists in...
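The stored XSS entries above (Pagelayer, Bold Page Builder, Elementor Addon Elements) all describe the same root cause: a widget attribute a Contributor can save is printed back into the page without context-appropriate escaping. The script below is an added illustration of that pattern and is not code from any of those plugins; the widget, its attribute names, the attacker values and the esc_attr/esc_url/esc_html stand-ins are all hypothetical (inside WordPress you would call the real functions, which do more than these approximations).

```php
<?php
// Added example of the "insufficient input sanitization and output escaping"
// pattern in the stored XSS entries above. NOT code from Pagelayer, Bold Page
// Builder or Elementor Addon Elements: the widget, its attribute names and the
// shims below are hypothetical.
//
// Inside WordPress you call esc_attr()/esc_html()/esc_url() directly; the
// approximations here (assumption) only exist so the file runs stand-alone.
if (!function_exists('esc_attr')) {
    function esc_attr(string $s): string {
        return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}
if (!function_exists('esc_html')) {
    function esc_html(string $s): string {
        return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}
if (!function_exists('esc_url')) {
    // Approximation of esc_url(): keep relative URLs and an allow-list of
    // schemes, return '' for anything else (javascript:, data:, ...).
    function esc_url(string $url): string {
        $url = trim($url);
        if ($url === '') {
            return '';
        }
        if (preg_match('#^([a-z][a-z0-9+.\-]*):#i', $url, $m)
            && !in_array(strtolower($m[1]), ['http', 'https', 'mailto'], true)) {
            return '';
        }
        return htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

// Vulnerable: widget settings saved by a Contributor are echoed verbatim.
// Contributors lack unfiltered_html, but kses only strips HTML tags from
// post_content on save; values inside shortcode attributes or builder
// settings are plain text to kses, and the plugin turns them into markup
// when it renders the widget.
function render_button_vulnerable(array $atts): string
{
    return '<a class="btn ' . $atts['icon'] . '" href="' . $atts['url'] . '">'
         . $atts['text'] . '</a>';
}

// Hardened: escape each value for the exact context it lands in.
// esc_attr() alone is not enough for href: "javascript:alert(1)" contains no
// HTML-special characters, so only a scheme check (esc_url) neutralises it.
function render_button_hardened(array $atts): string
{
    return '<a class="btn ' . esc_attr($atts['icon']) . '" href="' . esc_url($atts['url']) . '">'
         . esc_html($atts['text']) . '</a>';
}

// Constructed attacker-controlled widget settings, one per injection context.
$atts = [
    'icon' => 'fa-star" onmouseover="alert(document.cookie)', // attribute breakout
    'url'  => 'javascript:alert(1)',                          // scheme abuse
    'text' => '<img src=x onerror=alert(1)>',                  // element injection
];

echo "vulnerable: ", render_button_vulnerable($atts), "\n";
echo "hardened:   ", render_button_hardened($atts), "\n";
```

Run with `php render_button.php` and compare the two lines: in the vulnerable output the icon value closes the class attribute and adds an event handler, the href carries a javascript: URL, and the text becomes a live element; in the hardened output the quote is entity-encoded, the href is emptied by the scheme check, and the text renders as literal characters. The point to carry into a code review is that each output context needs its own escaper, and a URL sink needs a scheme allow-list rather than entity encoding.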
PT-2024-19806 · Mattermost · Mattermost Jira Plugin
Name of the Vulnerable Software and Affected Versions: Mattermost Jira Plugin, affected versions not specified
Description: The Mattermost Jira Plugin fails to protect against logout CSRF, allowing an attacker to post a specially crafted message that would disconnect a user's Jira connection in...
CVE-2024-1118
The Podlove Subscribe button plugin for WordPress is vulnerable to UNION-based SQL Injection via the 'button' attribute of the podlove-subscribe-button shortcode in all versions up to, and including, 1.3.10 due to insufficient escaping on the user supplied parameter and lack of sufficient...
SQL injection
The Podlove Subscribe button plugin for WordPress is vulnerable to UNION-based SQL Injection via the 'button' attribute of the podlove-subscribe-button shortcode in all versions up to, and including, 1.3.10 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2024-1118 Podlove Subscribe button <= 1.3.10 - Authenticated (Contributor+) SQL Injection
The Podlove Subscribe button plugin for WordPress is vulnerable to UNION-based SQL Injection via the 'button' attribute of the podlove-subscribe-button shortcode in all versions up to, and including, 1.3.10 due to insufficient escaping on the user supplied parameter and lack of sufficient...
WordPress Podlove Subscribe button Plugin <= 1.3.10 is vulnerable to SQL Injection
Software: Podlove Subscribe button
Type: Plugin
Vulnerable versions: <= 1.3.10
Fixed in: 1.3.11
OWASP Top 10: A1: Injection
Classification: SQL Injection
CVE: CVE-2024-1118
Patch priority: Low
CVSS severity: Low (8.5; note that a base score of 8.5 falls in the CVSS v3 High band, so the label and the score disagree)
PSID: fcca748172f2
Credits: Lucio Sá
Required privilege: Contributor...
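The CVE-2024-1118 entries above describe a shortcode attribute ("button") that reaches a SQL query with insufficient escaping, enabling a UNION-based injection from the Contributor role. The script below is an added illustration of that bug class and its fix; it is not Podlove's code, and the shortcode, table and column names are hypothetical. PDO with an in-memory SQLite database (assumption: the pdo_sqlite extension is installed) stands in for $wpdb so the file runs stand-alone; in a real plugin the equivalent fix is $wpdb->prepare() with a %d placeholder.

```php
<?php
// Added example of the bug class in the CVE-2024-1118 entries above: a
// shortcode attribute reaching SQL with neither escaping nor parameterisation.
// NOT Podlove's code; the shortcode, table and column names are hypothetical.
// PDO + in-memory SQLite (assumption: pdo_sqlite available) stands in for
// $wpdb so this runs stand-alone; in WordPress the same fix is
// $wpdb->prepare("... WHERE id = %d", $atts['button']).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed data: the table the shortcode is meant to read ...
$db->exec('CREATE TABLE demo_buttons (id INTEGER PRIMARY KEY, label TEXT, feed_url TEXT)');
$db->exec("INSERT INTO demo_buttons VALUES (1, 'Subscribe', 'https://example.com/feed')");
// ... and a stand-in for wp_users that a UNION can pull from.
$db->exec('CREATE TABLE demo_users (user_login TEXT, user_pass TEXT)');
$db->exec("INSERT INTO demo_users VALUES ('admin', 'constructed-password-hash')");

// Vulnerable handler: the attribute value is interpolated into the query text,
// so anything a Contributor writes in button="..." becomes SQL.
function demo_button_vulnerable(PDO $db, array $atts): array
{
    $sql = 'SELECT label, feed_url FROM demo_buttons WHERE id = ' . $atts['button'];
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened handler: coerce to the type the attribute must have, then bind it.
// The cast turns '0 UNION SELECT ...' into 0, and the placeholder keeps any
// remaining value out of the query text entirely.
function demo_button_hardened(PDO $db, array $atts): array
{
    $id = (int) ($atts['button'] ?? 0);
    $stmt = $db->prepare('SELECT label, feed_url FROM demo_buttons WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// What a Contributor can place in post content: [demo_button button="..."].
// The payload selects two columns to match the two columns of the outer query,
// which is what makes the UNION well-formed.
$atts = ['button' => '0 UNION SELECT user_login, user_pass FROM demo_users'];

echo "vulnerable:\n";
print_r(demo_button_vulnerable($db, $atts)); // the UNION row comes back as a "button"
echo "hardened:\n";
print_r(demo_button_hardened($db, $atts));   // the database only ever sees id = 0
```

The interesting detail for triage is that the outer query leaks two text columns, so an attacker does not need an error-based or blind technique: the UNION row is rendered wherever the plugin prints the button's label and URL. Casting to int is the right fix only because the attribute is an identifier; for free-text attributes the fix is still a bound parameter, never escaping by hand.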