WordPress plugin Sptify Play Button Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-17273 · WordPress · Spotify Play Button
Name of the Vulnerable Software and Affected Versions: The Sptify Play Button for WordPress plugin versions up to, and including, 2.07 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows...
WordPress Accessibility Help Button 1.1 Cross Site Scripting
Exploit Title: WordPress Plugin Accessibility Help Button – Stored Cross Site Scripting. Date: 2-04-2023 Exploit Author: Taliya Bilal- NightHawk Vendor Homepage: https://wordpress.com/plugins/accessibility-help-button Version: 1.1 Tested on: Firefox Contact me: [email protected] Steps to...
Subrion CMS 4.2.1 - Stored Cross-Site Scripting Vulnerability
Exploit Title: Subrion CMS 4.2.1 - Stored Cross-Site Scripting XSS Exploit Author: Sinem Şahin Vendor Homepage: https://intelliants.com/ Version: 4.2.1 Tested on: Windows & XAMPP == Tutorial http://HOST/panel/fields/add 2- Write XSS Payload into the tooltip value of the field add page. 3- Press...
CVE-2023-26912
Cross site scripting XSS vulnerability in xenv S-mall-ssm thru commit 3d9e77f7d80289a30f67aaba1ae73e375d33ef71 on Feb 17, 2020, allows local attackers to execute arbitrary code via the evaluate button...
Cross site scripting
Cross site scripting XSS vulnerability in xenv S-mall-ssm thru commit 3d9e77f7d80289a30f67aaba1ae73e375d33ef71 on Feb 17, 2020, allows local attackers to execute arbitrary code via the evaluate button...
xenv S-mall-ssm Cross-Site Scripting Vulnerability
S-mall-ssm Small Mall System is a mall system by the China Not So Empty xenv individual developer. A security vulnerability exists in xenv S-mall-ssm, which originated from a vulnerability that allows a local attacker to execute arbitrary code via the evaluate button...
WordPress Plugin MaxButtons Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
PT-2023-10160 · WordPress · Maxbuttons Plugin
Name of the Vulnerable Software and Affected Versions: MaxButtons Plugin versions up to 1.26.0 Description: A vulnerability was found in the MaxButtons Plugin and classified as problematic. This issue affects the function maxbuttons strip px of the file includes/maxbuttons-button.php. The...
WordPress Blog Floating Button Plugin <= 1.4.12 is vulnerable to Cross Site Request Forgery (CSRF)
Software Blog Floating Button Type Plugin Vulnerable versions = 1.4.12 Fixed in 1.4.13 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-27445 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 7093cf42235a Credits Rio Darmawan...
WordPress Button Generator – easily Button Builder Plugin <= 2.3.3 is vulnerable to Cross Site Scripting (XSS)
Software Button Generator – easily Button Builder Type Plugin Vulnerable versions = 2.3.3 Fixed in 2.3.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-27452 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 5f62ad483358 Credit...
Sp*tify Play Button for WordPress < 2.06 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WordPress Sp*tify Play Button for WordPress Plugin <= 2.05 is vulnerable to Cross Site Scripting (XSS)
Software Sptify Play Button for WordPress Type Plugin Vulnerable versions = 2.05 Fixed in 2.06 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-26536 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8e5491367060 Credits Mika...
XSS in button home page
Description vuln was found in File/Documents/Home, any button in page Proof of Concept 1. Login in URL : https://demo.pimcore.fun/admin 2. Go to File - Open Documents - Home 3. click any button in page - Edit Link 4. in tab Advanced, inject payload to : Attributes key="value" For more understandi...
twitter-button.net Cross Site Scripting vulnerability OBB-3199150
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
WordPress Protected Posts Logout Button Plugin <= 1.4.5 is vulnerable to Broken Access Control
Software Protected Posts Logout Button Type Plugin Vulnerable versions = 1.4.5 Fixed in 1.4.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-25454 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 524d5fc86c25 Credits yuyudhn Require...
Insufficient Session Expiration
Description Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization. When handling sessions, web developers can rely either on server tokens or generate session identifiers within the application. Each session should...
CVE-2023-24499
Butterfly Button plugin may leave traces of its use on user's device. Since it is used for reporting domestic problems, this may lead to spouse knowing about its use...
Design/Logic Flaw
Butterfly Button plugin may leave traces of its use on user's device. Since it is used for reporting domestic problems, this may lead to spouse knowing about its use...