
2673 matches found

Packet Storm News
added 2025/07/12 12:0 a.m. · 3 views

User-To-PC Authentication through Confirmation on Mobile Devices: on Usability and Performance

Protecting personal computers (PCs) from unauthorized access typically relies on password authentication, which is known to suffer from cognitive burden and weak credentials. As many users nowadays carry mobile devices with advanced security features throughout their day, there is an opportunity to...

AI score: 7.2
Exploits: 0

OSV
added 2025/07/02 10:15 a.m. · 1 view

CVE-2025-2330

The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button+modal' widget in all versions up to, and including, 2.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...

CVSS: 5.4 · AI score: 6 · EPSS: 0.00157
Exploits: 0 · References: 4

RedhatCVE
added 2025/06/23 8:39 a.m. · 4 views

CVE-2025-52783

Cross-Site Request Forgery (CSRF) vulnerability in themelocation Change Cart button Colors WooCommerce wc-style allows Stored XSS. This issue affects Change Cart button Colors WooCommerce: from n/a through <= 1.0...

CVSS: 7.1 · AI score: 5.9 · EPSS: 0.0008
Exploits: 0 · References: 1

NVD
added 2025/06/20 3:15 p.m. · 4 views

CVE-2025-52783

Cross-Site Request Forgery (CSRF) vulnerability in themelocation Change Cart button Colors WooCommerce wc-style allows Stored XSS. This issue affects Change Cart button Colors WooCommerce: from n/a through <= 1.0...

CVSS: 7.1 · EPSS: 0.0008
Exploits: 0 · References: 1

CVE
added 2025/06/20 3:3 p.m. · 20 views

CVE-2025-52783

CVE-2025-52783 describes a CSRF vulnerability in the WordPress plugin Change Cart button Colors WooCommerce (and related WC-Style entry) that also allows Stored XSS. Affected versions are 1.0 and earlier. The CVE is rated with a high base score (7.1, CVSS‑3.1) with network attack vector, low atta...

CVSS: 7.1 · AI score: 5.9 · EPSS: 0.0008
Exploits: 0 · References: 1

Cvelist
added 2025/06/20 3:3 p.m. · 8 views

CVE-2025-52783 WordPress Change Cart button Colors WooCommerce plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in themelocation Change Cart button Colors WooCommerce wc-style allows Stored XSS. This issue affects Change Cart button Colors WooCommerce: from n/a through <= 1.0...

CVSS: 7.1 · EPSS: 0.0008
Exploits: 0 · References: 1

Positive Technologies
added 2025/06/20 12:0 a.m. · 3 views

PT-2025-26415 · Woocommerce · Change Cart Button Colors

Name of the Vulnerable Software and Affected Versions: Change Cart button Colors WooCommerce versions 1.0 and earlier. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that also allows Stored XSS. This means an attacker could potentially trick a user into performing...

CVSS: 7.1 · AI score: 5.5 · EPSS: 0.0008
Exploits: 0 · References: 5

CNNVD
added 2025/06/20 12:0 a.m. · 2 views

WordPress plugin Change Cart button Colors WooCommerce Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress Change Cart button Colors WooCommerce plugin, which arises from a web application that does not adequately...

CVSS: 7.1 · AI score: 6.7 · EPSS: 0.0008
Exploits: 0 · References: 1

CNNVD
added 2025/06/17 12:0 a.m. · 7 views

WordPress plugin WordPress Infinite Scroll - Ajax Load More Cross Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin WordPress Infinite...

CVSS: 6.4 · AI score: 5.7 · EPSS: 0.00164
Exploits: 0 · References: 3

vulnersOsv
added 2025/06/10 6:36 a.m. · 5 views

@aemforms/af-react-native (>=1.0.1 <=1.0.31), @akalli/components (=0.0.1) +151 more potentially affected by unknown CVE via @react-native-aria/button (=0.2.10)

@react-native-aria/button NPM version =0.2.10 is affected by a known vulnerability. The following packages have a transitive dependency on @react-native-aria/button and may be impacted: - @aemforms/af-react-native =1.0.1, =0.0.3, =0.1.21, =1.0.0, =0.1.0-alpha2, =1.2.0, =0.1.0, =0.0.4, =4.0.2,...

AI score: 5.8
Exploits: 0

OSV
added 2025/06/10 5:15 a.m. · 1 view

CVE-2025-3076

The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘buttontext’ parameter in all versions up to, and including, 3.29.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS: 5.4 · AI score: 5.9 · EPSS: 0.00123
Exploits: 0 · References: 2

CNNVD
added 2025/06/10 12:0 a.m. · 5 views

WordPress plugin Elementor Website Builder Pro Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Elementor Website Builder Pro plugin that stems from insufficient input cleanup and output escaping of the buttontex...

CVSS: 6.4 · AI score: 5.8 · EPSS: 0.00123
Exploits: 0 · References: 2

OSV
added 2025/06/06 2:4 p.m. · 1 view

OESA-2025-1605 firefox security update

Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions. Security Fixes: In addition to detecting when a user was taking a screenshot XXX, a website was able to overlay the 'My Shots' button tha...

CVSS: 4.3 · AI score: 8.3 · EPSS: 0.00693
Exploits: 0 · References: 2

OSV
added 2025/06/06 2:4 p.m. · 2 views

OESA-2025-1604 firefox security update

Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions. Security Fixes: In addition to detecting when a user was taking a screenshot XXX, a website was able to overlay the 'My Shots' button tha...

CVSS: 4.3 · AI score: 8.3 · EPSS: 0.00693
Exploits: 0 · References: 2

Ubuntu
added 2025/06/05 4:47 a.m. · 4 views

USN-7556-1: Bootstrap vulnerabilities

It was discovered that Bootstrap did not correctly sanitize certain input in the carousel component. An attacker could possibly use this issue to execute a cross-site scripting (XSS) attack. (CVE-2024-6484, CVE-2024-6531) It was discovered that Bootstrap did not correctly sanitize certain input in th...

CVSS: 6.4 · AI score: 6.9 · EPSS: 0.00139
Exploits: 0

OSV
added 2025/06/05 4:47 a.m. · 2 views

USN-7556-1 twitter-bootstrap3, twitter-bootstrap4 vulnerabilities

It was discovered that Bootstrap did not correctly sanitize certain input in the carousel component. An attacker could possibly use this issue to execute a cross-site scripting (XSS) attack. (CVE-2024-6484, CVE-2024-6531) It was discovered that Bootstrap did not correctly sanitize certain input in th...

CVSS: 6.4 · AI score: 6.8 · EPSS: 0.00139
Exploits: 0 · References: 4

ATTACKERKB
added 2025/05/23 1:15 p.m. · 1 view

CVE-2025-47529

Missing Authorization vulnerability in UX Design Experts Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin experto-cta-widget allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Experto CTA Widget – Call To Action, Sticky CTA, Floating...

CVSS: 6.5 · AI score: 8.6 · EPSS: 0.00298
Exploits: 0 · References: 3

RedhatCVE
added 2025/05/23 11:59 a.m. · 5 views

CVE-2025-22815

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins Button Block button-block allows Stored XSS. This issue affects Button Block: from n/a through <= 1.1.9...

CVSS: 6.5 · AI score: 7.2 · EPSS: 0.00221
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 11:59 a.m. · 8 views

CVE-2025-22787

Missing Authorization vulnerability in bPlugins Button Block button-block allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Button Block: from n/a through <= 1.1.5...

CVSS: 8.8 · AI score: 7.2 · EPSS: 0.00291
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 11:40 a.m. · 6 views

CVE-2025-24738

Cross-Site Request Forgery (CSRF) vulnerability in Jerry Rietveld Call Now Button call-now-button allows Cross Site Request Forgery. This issue affects Call Now Button: from n/a through <= 1.4.13...

CVSS: 4.3 · AI score: 7.2 · EPSS: 0.00122
Exploits: 0 · References: 1