26 matches found
CVE-2023-49824
Cross-Site Request Forgery CSRF vulnerability in PixelYourSite Product Catalog Feed by PixelYourSite.This issue affects Product Catalog Feed by PixelYourSite: from n/a through 2.1.1...
EUVD-2023-53732
Malicious code in bioql PyPI...
CVE-2023-1804
The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1.1 does not sanitise and escape the edit parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrators...
CVE-2023-1805
The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1.1 does not sanitise and escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-49824
Cross-Site Request Forgery CSRF vulnerability in PixelYourSite Product Catalog Feed by PixelYourSite.This issue affects Product Catalog Feed by PixelYourSite: from n/a through 2.1.1...
CVE-2023-49824
Cross-Site Request Forgery CSRF vulnerability in PixelYourSite Product Catalog Feed by PixelYourSite.This issue affects Product Catalog Feed by PixelYourSite: from n/a through 2.1.1...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in PixelYourSite Product Catalog Feed by PixelYourSite.This issue affects Product Catalog Feed by PixelYourSite: from n/a through 2.1.1...
CVE-2023-49824
CVE-2023-49824 affects WordPress Plugin Product Catalog Feed by PixelYourSite (versions
CVE-2023-49824 WordPress Product Catalog Feed by PixelYourSite Plugin <= 2.1.1 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in PixelYourSite Product Catalog Feed by PixelYourSite.This issue affects Product Catalog Feed by PixelYourSite: from n/a through 2.1.1...
PT-2023-31376 · Pixelyoursite · The Product Catalog Feed By Pixelyoursite
Name of the Vulnerable Software and Affected Versions: Product Catalog Feed by PixelYourSite versions n/a through 2.1.1 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a...
WordPress Plugin Product Catalog Feed by PixelYourSite Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin Product Catalog Feed by...
Product Catalog Feed by PixelYourSite < 2.2.0 - Cross-Site Request Forgery
Description The Product Catalog Feed by PixelYourSite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the setdisablestatus, setwpwoofschedule and checkfeedname functions. This makes i...
WordPress Product Catalog Feed by PixelYourSite Plugin <= 2.1.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software Product Catalog Feed by PixelYourSite Type Plugin Vulnerable versions = 2.1.1 Fixed in 2.2.0 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-49824 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 425c3092d30b Credi...
CVE-2023-1804
The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1.1 does not sanitise and escape the edit parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrators...
Cross site scripting
The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1.1 does not sanitise and escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Cross site scripting
The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1.1 does not sanitise and escape the edit parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrators...
CVE-2023-1804
The CVE-2023-1804 entry concerns the WordPress plugin Product Catalog Feed by PixelYourSite, affected in versions prior to 2.1.1. The underlying issue is that the edit parameter is not sanitised or escaped when output back into an attribute, resulting in a Reflected XSS vulnerability. The impact ...
CVE-2023-1804 Product Catalog Feed by PixelYourSite < 2.1.1 - Reflected XSS
The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1.1 does not sanitise and escape the edit parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrators...
CVE-2023-1805
The WordPress plugin Product Catalog Feed by PixelYourSite (affected: versions before 2.1.1) is vulnerable to a reflected XSS via the page parameter, which is output in an HTML attribute and could affect high-privilege users (e.g., admins). CVE-2023-1805 documents this issue. A fix is available i...
WordPress Product Catalog Feed by PixelYourSite Plugin < 2.1.1 is vulnerable to Cross Site Scripting (XSS)
Software Product Catalog Feed by PixelYourSite Type Plugin Vulnerable versions 2.1.1 Fixed in 2.1.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1804 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 27de0c95fe70 Credits...