2672 matches found
CVE-2023-25783 WordPress FireCask Like & Share Button Plugin <= 1.1.5 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex Moss FireCask Like & Share Button plugin <= 1.1.5 versions...
WordPress Ko-fi Button Plugin < 1.3.3 is vulnerable to Cross Site Scripting (XSS)
Software: Ko-fi Button; Type: Plugin; Vulnerable versions: < 1.3.3; Fixed in: 1.3.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-2254; Patch priority: Low; CVSS severity: Low (5.9); PSID: af182fbd1aaa; Credits: Felipe Restrepo Rodriguez...
CVE-2023-25479
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podlove Podlove Subscribe button plugin <= 1.3.7 versions...
CVE-2023-25479 WordPress Podlove Subscribe button Plugin <= 1.3.7 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podlove Podlove Subscribe button plugin <= 1.3.7 versions...
WordPress plugin Podlove Subscribe button cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
PT-2023-20097 · Podlove · Podlove Subscribe Button
Name of the Vulnerable Software and Affected Versions: Podlove Podlove Subscribe button plugin versions 1.3.7 and earlier. Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. Recommendations: For versions 1.3.7 a...
CVE-2023-22686
Cross-Site Request Forgery (CSRF) vulnerability in TriniTronic Nice PayPal Button Lite plugin <= 1.3.5 versions...
CVE-2023-22686
CVE-2023-22686 affects the WordPress plugin “Nice PayPal Button Lite” (TriniTronic) up to version 1.3.5. The root cause is a CSRF vulnerability due to insufficient CSRF checks in the plugin, enabling an attacker to coax a user into performing unintended actions on a site the user is authenticated...
CVE-2023-22686 WordPress Nice PayPal Button Lite Plugin <= 1.3.5 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in TriniTronic Nice PayPal Button Lite plugin <= 1.3.5 versions...
WordPress Plugin Nice PayPal Button Lite cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forge...
PT-2023-18631 · WordPress · Trinitronic Nice Paypal Button Lite
Name of the Vulnerable Software and Affected Versions: TriniTronic Nice PayPal Button Lite plugin versions 1.3.5 and earlier. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintend...
GHSA-G66V-3V62-G375 RosarioSIS improper access control vulnerability
RosarioSIS prior to version 10.9.3 has a vulnerability that allows a user to return to a page containing personally identifiable information (PII) and sensitive information even after logging out of the application by using the browser's back button...
RosarioSIS improper access control vulnerability
RosarioSIS prior to version 10.9.3 has a vulnerability that allows a user to return to a page containing personally identifiable information (PII) and sensitive information even after logging out of the application by using the browser's back button...
PT-2023-18362 · Unknown · Rosariosis
Name of the Vulnerable Software and Affected Versions: RosarioSIS versions prior to 10.9.3. Description: The issue allows a user to access a page containing personally identifiable information (PII) and sensitive information after logging out of the application by using the browser's back button. Th...
WordPress Button Builder – Buttons X Plugin <= 0.8.6 is vulnerable to Cross Site Scripting (XSS)
Software: Button Builder – Buttons X; Type: Plugin; Vulnerable versions: <= 0.8.6; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-23867; Patch priority: Low; CVSS severity: Low (6.5); PSID: 97c89a33bd2e; Credits: István Márton...
XWiki Platform injection vulnerability
XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from XWiki France. XWiki Platform suffers from an injection vulnerability, which stems from improper escaping in the Cancel and return to page buttons, that allows any user with view rights to...
CVE-2023-27643
An issue found in POWERAMP 925-bundle-play and Poweramp 954-uni allows a remote attacker to cause a denial of service via the Rescan button in Queue and Select Folders button in Library...
Design/Logic Flaw
An issue found in POWERAMP 925-bundle-play and Poweramp 954-uni allows a remote attacker to cause a denial of service via the Rescan button in Queue and Select Folders button in Library...