Lucene search
K

1231 matches found

Patchstack
Patchstack
added 2022/02/28 12:0 a.m.14 views

WordPress Image Carousel For Divi plugin <= 1.4.0 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Image Carousel For Divi plugin versions = 1.4.0. Solution Update the WordPress Image Carousel For Divi plugin to the latest available version at least 1.5.0...

2.6AI score
Exploits0References2Affected Software1
0day.today
0day.today
added 2022/02/02 12:0 a.m.263 views

WordPress Product Slider for WooCommerce 1.13.21 Plugin - Cross Site Scripting Vulnerability

Exploit Title: WordPress Plugin Product Slider for WooCommerce 1.13.21 - Cross Site Scripting XSS Author: 0xB9 Software Link: https://wordpress.org/plugins/woocommerc...ts-slider/ Version: 1.13.21 Tested on: Windows 10 CVE: CVE-2021-24300 1. Description: This plugin is a easy carousel slider for...

6.1CVSS6.3AI score0.10587EPSS
Exploits5
CNVD
CNVD
added 2021/12/26 12:0 a.m.15 views

WordPress Logo Carousel plugin licensing issues vulnerability

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress Logo Carousel plugin is vulnerable to authorization issues in versions prior to 3.4.2. The...

8.1CVSS2.5AI score0.01006EPSS
Exploits2References1
CNVD
CNVD
added 2021/12/26 12:0 a.m.14 views

WordPress Logo Carousel plugin cross-site scripting vulnerability

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress Logo Carousel plugin has a cross-site scripting vulnerability in versions prior to 3.4.2, which stems from a lack o...

5.4CVSS1.8AI score0.00604EPSS
Exploits2References1
NVD
NVD
added 2021/12/21 9:15 a.m.14 views

CVE-2021-24739

The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature...

8.1CVSS0.01006EPSS
Exploits2References1
OSV
OSV
added 2021/12/21 9:15 a.m.6 views

CVE-2021-24739

The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature...

8.1CVSS5.9AI score0.01006EPSS
Exploits2References1
OSV
OSV
added 2021/12/21 9:15 a.m.5 views

CVE-2021-24738

The Logo Carousel WordPress plugin before 3.4.2 does not validate and escape the "Logo Margin" carousel option, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.8AI score0.00604EPSS
Exploits2References1
NVD
NVD
added 2021/12/21 9:15 a.m.14 views

CVE-2021-24738

The Logo Carousel WordPress plugin before 3.4.2 does not validate and escape the "Logo Margin" carousel option, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...

5.4CVSS0.00604EPSS
Exploits2References1
Prion
Prion
added 2021/12/21 9:15 a.m.17 views

Design/Logic Flaw

The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature...

5.5CVSS8AI score0.01006EPSS
Exploits2References1Affected Software1
Prion
Prion
added 2021/12/21 9:15 a.m.10 views

Cross site scripting

The Logo Carousel WordPress plugin before 3.4.2 does not validate and escape the "Logo Margin" carousel option, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...

3.5CVSS5.3AI score0.00604EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2021/12/21 8:45 a.m.61 views

CVE-2021-24739

CVE-2021-24739 involves the WordPress Logo Carousel plugin prior to 3.4.2. Affected: Logo Carousel WordPress plugin versions before 3.4.2. Issue: authorization flaw allowing users with role as low as Contributor to duplicate and view arbitrary private posts via the Carousel Duplication feature. R...

8.1CVSS8AI score0.01006EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2021/12/21 8:45 a.m.55 views

CVE-2021-24738

The CVE-2021-24738 entry concerns the WordPress Logo Carousel plugin prior to version 3.4.2. The vulnerability arises from a failure to validate and escape the “Logo Margin” option, enabling Stored Cross-Site Scripting (XSS) by users with as little as Contributor privileges. The issue is confirme...

5.4CVSS5.2AI score0.00604EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2021/12/21 12:0 a.m.4 views

WordPress 插件授权问题漏洞

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress Logo Carousel plugin is vulnerable to authorization issues in versions prior to 3.4.2. The...

8.1CVSS5.9AI score0.01006EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2021/12/21 12:0 a.m.7 views

PT-2021-16240 · WordPress · Logo Carousel

Name of the Vulnerable Software and Affected Versions: Logo Carousel WordPress plugin versions prior to 3.4.2 Description: The issue allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature...

8.1CVSS8AI score0.01006EPSS
Exploits2References4
CNNVD
CNNVD
added 2021/12/21 12:0 a.m.2 views

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress Logo Carousel plugin has a cross-site scripting vulnerability in versions prior to 3.4.2, which stems from a lack o...

5.4CVSS5.2AI score0.00604EPSS
Exploits2References2
Patchstack
Patchstack
added 2021/11/22 12:0 a.m.20 views

WordPress Logo Carousel plugin <= 3.4.1 - Unauthorized Private Post Access vulnerability

Unauthorized Private Post Access vulnerability discovered by apple502j in WordPress Logo Carousel plugin versions = 3.4.1. Solution Update the WordPress Logo Carousel plugin to the latest available version at least 3.4.2...

8.1CVSS3.2AI score0.01006EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/11/22 12:0 a.m.13 views

WordPress Logo Carousel plugin <= 3.4.1 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by apple502j in WordPress Logo Carousel plugin versions = 3.4.1. Solution Update the WordPress Logo Carousel plugin to the latest available version at least 3.4.2...

5.4CVSS1.9AI score0.00604EPSS
Exploits2References3Affected Software1
wpexploit
wpexploit
added 2021/11/22 12:0 a.m.160 views

Logo Carousel < 3.4.2 - Contributor+ Stored Cross-Site Scripting

The plugin does not validate and escape the "Logo Margin" carousel option, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks 1 Make a new carousel /wp-admin/post-new.php?posttype=splcshortcodes 2 Set "Logo Margin" of the Style Setting to the...

5.4CVSS0.3AI score0.00604EPSS
Exploits2
wpexploit
wpexploit
added 2021/11/22 12:0 a.m.145 views

Logo Carousel < 3.4.2 - Unauthorised Private Post Access

The plugin allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature 1 Go to Logo Carousel - Shortcode Generator. 2 If there is no carousel, create one. 3 Copy URL of the "Duplicate" link under the carouse...

8.1CVSS0.6AI score0.01006EPSS
Exploits2
wpexploit
wpexploit
added 2021/10/20 12:0 a.m.709 views

Responsive Image Slider, Photo Gallery And Carousel < 1.3.6 - Subscriber+ Arbitrary Post Access

The plugin does not have proper authorisation check in the sfimageid AJAX action, which could allow any authenticated, such as subscriber, to view the content and title of arbitrary posts, for example private, draft and password protected ones. POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: /...

0.1AI score
Exploits0
Rows per page
Query Builder