PT-2023-21140 · Unknown · Wow-Company Button Generator

Name of the Vulnerable Software and Affected Versions: Wow-Company Button Generator – easily Button Builder plugin versions prior to 2.3.3 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. Recommendations: For...

WordPress plugin Button Generator – easily Button Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

Call Now Accessibility Button < 1.1 - Admin+ Stored Cross Site Scripting

Description The plugin does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. In the plugin's "Quick Start" field, add the...

CVE-2023-3274

A vulnerability classified as critical has been found in code-projects Supplier Management System 1.0. Affected is an unknown function of the file btnfunctions.php of the component Picture Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The...

Cross site scripting

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Nate Reist Protected Posts Logout Button plugin = 1.4.5 versions...

CVE-2023-25978

The CVE-2023-25978 entry refers to the WordPress Protected Posts Logout Button plugin with a Stored XSS vulnerability in versions

CVE-2023-25978 WordPress Protected Posts Logout Button Plugin <= 1.4.5 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Nate Reist Protected Posts Logout Button plugin = 1.4.5 versions...

WordPress Plugin Nate Reist Protected Posts Logout Button 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

Cross site scripting

The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button WordPress plugin before 5.3.1, Herd Effects WordPre...

CVE-2023-28933

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in StPeteDesign Call Now Accessibility Button plugin = 1.1 versions...

CVE-2023-28933

CVE-2023-28933 affects the WordPress plugin Call Now Accessibility Button by StPeteDesign, version

CVE-2023-28933 WordPress Call Now Accessibility Button Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in StPeteDesign Call Now Accessibility Button plugin = 1.1 versions...

WordPress Plugin StPeteDesign Call Now Accessibility Button 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2023-19080 · WordPress · Float Menu +11

Name of the Vulnerable Software and Affected Versions: Float menu WordPress plugin versions prior to 5.0.2 Bubble Menu WordPress plugin versions prior to 3.0.4 Button Generator WordPress plugin versions prior to 2.3.5 Calculator Builder WordPress plugin versions prior to 1.5.1 Counter Box WordPre...

WordPress Plugin Float menu 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin Float men...

MAL-2023-364 Malicious code in fc-radio-button (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 83481051c5331447023a047dfc4f6f747cf968f9cbe6c214bd3baa3aa57c0348 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in fc-radio-button (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 83481051c5331447023a047dfc4f6f747cf968f9cbe6c214bd3baa3aa57c0348 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

WordPress Floating Action Button Plugin <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Floating Action Button Type Plugin Vulnerable versions = 1.2.1 Fixed in 1.2.2 OWASP Top 10 A2: Broken Authentication Classification Cross Site Request Forgery CSRF CVE CVE-2023-31088 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID cfe34c0e96d6 Credits Yuki Haruma...

highlight.io 安全漏洞

highlight.io is open source full stack monitoring platform. Error monitoring, session replay, logging and more. A security vulnerability exists in highlight.io versions prior to 6.0.0 that stems from unintentionally logging password values when using the Show Password button...

WordPress Button Generator – easily Button Builder Plugin <= 2.3.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software Button Generator – easily Button Builder Type Plugin Vulnerable versions = 2.3.5 Fixed in 2.3.6 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25443 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ad530edff5de...