2672 matches found
CVE-2022-4628 Easy PayPal Buy Now Button < 1.7.4 - Contributor+ Stored XSS in Shortcode
The Easy PayPal Buy Now Button WordPress plugin before 1.7.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
WordPress plugin Easy PayPal Buy Now Button Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...
Microweber Cross-Site Scripting Vulnerability (CNVD-2023-07919)
Microweber is a drag-and-drop online store management system from the Microweber community in the United States. The system includes modules for adding products, images, etc. A cross-site scripting vulnerability exists in versions of Microweber prior to 1.3.2, which stems from a security issue in...
Microweber Cross-Site Scripting Vulnerability
Microweber is a drag-and-drop online store management system from the Microweber community in the United States. The system includes modules for adding products, images, etc. A cross-site scripting vulnerability exists in versions of Microweber prior to 1.3.2, which stems from a security issue in...
WordPress Easy PayPal Buy Now Button Plugin < 1.7.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Easy PayPal Buy Now Button; Type: Plugin; Vulnerable versions: < 1.7.3; Fixed in: 1.7.3; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: N/A; Patch priority: Low; CVSS severity: Low (4.3); PSID: d96c1118d3fb; Credits: WPScanTeam; Required...
WordPress Nice PayPal Button Lite Plugin <= 1.3.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Nice PayPal Button Lite; Type: Plugin; Vulnerable versions: <= 1.3.5; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-22686; Patch priority: Low; CVSS severity: Low (5.4); PSID: 497c643d4eec; Credits: Mika; Required...
Easy PayPal Buy Now Button < 1.7.4 - Contributor+ Stored XSS in Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC: wpecpp name="' accesskey='X'...
Nice PayPal Button Lite <= 1.3.5 - CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
WordPress GamiPress – Button Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)
Software: GamiPress – Button; Type: Plugin; Vulnerable versions: <= 1.0.4; Fixed in: 1.0.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: N/A; Patch priority: Low; CVSS severity: Low (5.9); PSID: f951420d1e59; Credits: N/A; Required privilege...
yuko-bot Security Vulnerability
yuko-bot is a simple irc button for Mangas by the individual developer Emma Florenzano. A security vulnerability exists in yuko-bot, which stems from the fact that incorrect manipulation of the parameter title can lead to a denial of service...
Stripe: XSS vulnerability without a content security bypass in a `CUSTOM` App through Button tag
A possible XSS vulnerability was discovered in a CUSTOM app through the Button tag, without being able to bypass a content security policy. An attacker could exploit this vulnerability to execute malicious code on the affected website...
Simple Membership < 4.2.2 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin. PoC 1. Exploit...
Shoplazza LifeStyle Cross-Site Scripting Vulnerability
Shoplazza LifeStyle is an e-commerce website by Shoplazza, Inc. A security vulnerability exists in Shoplazza LifeStyle version 1.1, which stems from cross-site scripting due to incorrect manipulation of the parameters Subheading/Heading/Text/Button Text/Label...
AZL-44433 CVE-2022-46341 affecting package xorg-x11-server 1.20.10-6
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privilege elevation on systems where the X server is running privileged an...
The vulnerability of the “Create poll” module in the YOP Poll plugin of the WordPress content management system allows a hacker to perform cross-site scripting attacks.
The vulnerability of the “Create poll” module in the YOP Poll plugin of the WordPress content management system is related to the lack of protection for website structure when processing parameters such as “Vote Button Label”, “Show Results Link”, and “Display Back to vote Link”. Exploiting this...
UBUNTU-CVE-2022-46341
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privilege elevation on systems where the X server is running privileged an...
CVE-2022-4005
The Donation Button WordPress plugin through 4.0.0 does not sanitize and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...
CVE-2022-4004
The Donation Button WordPress plugin through 4.0.0 does not properly check for privileges and nonce tokens in its "donationbuttontwiliosendtestsms" AJAX action, which may allow any users with an account on the affected site, like subscribers, to use the plugin's Twilio integration to send SMSes t...