1231 matches found
WordPress Image Carousel For Divi plugin <= 1.4.0 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Image Carousel For Divi plugin versions = 1.4.0. Solution Update the WordPress Image Carousel For Divi plugin to the latest available version at least 1.5.0...
WordPress Product Slider for WooCommerce 1.13.21 Plugin - Cross Site Scripting Vulnerability
Exploit Title: WordPress Plugin Product Slider for WooCommerce 1.13.21 - Cross Site Scripting XSS Author: 0xB9 Software Link: https://wordpress.org/plugins/woocommerc...ts-slider/ Version: 1.13.21 Tested on: Windows 10 CVE: CVE-2021-24300 1. Description: This plugin is a easy carousel slider for...
WordPress Logo Carousel plugin licensing issues vulnerability
WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress Logo Carousel plugin is vulnerable to authorization issues in versions prior to 3.4.2. The...
WordPress Logo Carousel plugin cross-site scripting vulnerability
WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress Logo Carousel plugin has a cross-site scripting vulnerability in versions prior to 3.4.2, which stems from a lack o...
CVE-2021-24739
The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature...
CVE-2021-24739
The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature...
CVE-2021-24738
The Logo Carousel WordPress plugin before 3.4.2 does not validate and escape the "Logo Margin" carousel option, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...
CVE-2021-24738
The Logo Carousel WordPress plugin before 3.4.2 does not validate and escape the "Logo Margin" carousel option, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...
Design/Logic Flaw
The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature...
Cross site scripting
The Logo Carousel WordPress plugin before 3.4.2 does not validate and escape the "Logo Margin" carousel option, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...
CVE-2021-24739
CVE-2021-24739 involves the WordPress Logo Carousel plugin prior to 3.4.2. Affected: Logo Carousel WordPress plugin versions before 3.4.2. Issue: authorization flaw allowing users with role as low as Contributor to duplicate and view arbitrary private posts via the Carousel Duplication feature. R...
CVE-2021-24738
The CVE-2021-24738 entry concerns the WordPress Logo Carousel plugin prior to version 3.4.2. The vulnerability arises from a failure to validate and escape the “Logo Margin” option, enabling Stored Cross-Site Scripting (XSS) by users with as little as Contributor privileges. The issue is confirme...
WordPress 插件授权问题漏洞
WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress Logo Carousel plugin is vulnerable to authorization issues in versions prior to 3.4.2. The...
PT-2021-16240 · WordPress · Logo Carousel
Name of the Vulnerable Software and Affected Versions: Logo Carousel WordPress plugin versions prior to 3.4.2 Description: The issue allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature...
WordPress 插件跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress Logo Carousel plugin has a cross-site scripting vulnerability in versions prior to 3.4.2, which stems from a lack o...
WordPress Logo Carousel plugin <= 3.4.1 - Unauthorized Private Post Access vulnerability
Unauthorized Private Post Access vulnerability discovered by apple502j in WordPress Logo Carousel plugin versions = 3.4.1. Solution Update the WordPress Logo Carousel plugin to the latest available version at least 3.4.2...
WordPress Logo Carousel plugin <= 3.4.1 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by apple502j in WordPress Logo Carousel plugin versions = 3.4.1. Solution Update the WordPress Logo Carousel plugin to the latest available version at least 3.4.2...
Logo Carousel < 3.4.2 - Contributor+ Stored Cross-Site Scripting
The plugin does not validate and escape the "Logo Margin" carousel option, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks 1 Make a new carousel /wp-admin/post-new.php?posttype=splcshortcodes 2 Set "Logo Margin" of the Style Setting to the...
Logo Carousel < 3.4.2 - Unauthorised Private Post Access
The plugin allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature 1 Go to Logo Carousel - Shortcode Generator. 2 If there is no carousel, create one. 3 Copy URL of the "Duplicate" link under the carouse...
Responsive Image Slider, Photo Gallery And Carousel < 1.3.6 - Subscriber+ Arbitrary Post Access
The plugin does not have proper authorisation check in the sfimageid AJAX action, which could allow any authenticated, such as subscriber, to view the content and title of arbitrary posts, for example private, draft and password protected ones. POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: /...