31 matches found
EUVD-2023-27788
Malicious code in bioql PyPI...
EUVD-2023-49945
Malicious code in bioql PyPI...
EUVD-2023-27790
Malicious code in bioql PyPI...
CVE-2023-23702
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Pixelgrade Comments Ratings plugin = 1.1.7 versions...
CVE-2023-23704
Cross-Site Request Forgery CSRF vulnerability in Pixelgrade Comments Ratings plugin = 1.1.6 versions...
Comments Ratings <= 1.1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Comments Ratings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-leve...
CVE-2023-23702
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Pixelgrade Comments Ratings plugin = 1.1.7 versions...
CVE-2023-23702 WordPress Comments Ratings Plugin <= 1.1.7 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Pixelgrade Comments Ratings plugin = 1.1.7 versions...
CVE-2023-23702 WordPress Comments Ratings plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability
A vulnerability in pixelgrade Comments Ratings comments-ratings.This issue affects Comments Ratings: from n/a through = 1.1.7...
CVE-2023-23702
CVE-2023-23702 is a stored XSS vulnerability in the Pixelgrade Comments Ratings WordPress plugin (versions ≤ 1.1.7) exploitable by users with admin+ privileges. The issue permits injection of malicious scripts via the plugin’s input surface and is rated medium by CVSS (base 4.8–4.9 in sources). P...
PT-2023-19141 · Pixelgrade · Pixelgrade Comments Ratings Plugin
Name of the Vulnerable Software and Affected Versions: Pixelgrade Comments Ratings plugin versions prior to 1.1.8 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that affects users with admin+ authentication. This type of vulnerability allows an attacker to...
WordPress Plugin Comments Ratings Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
WordPress Comments Ratings Plugin <= 1.1.7 is vulnerable to Cross Site Scripting (XSS)
Software Comments Ratings Type Plugin Vulnerable versions = 1.1.7 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23702 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 7f7df4a9e3a3 Credits yuyudhn Required privile...
Comments Ratings <= 1.1.7 - Arbitrary Settings Update via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
CVE-2023-45654
Cross-Site Request Forgery CSRF vulnerability in Pixelgrade Comments Ratings plugin = 1.1.7 versions...
CVE-2023-45654
Cross-Site Request Forgery CSRF vulnerability in Pixelgrade Comments Ratings plugin = 1.1.7 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Pixelgrade Comments Ratings plugin = 1.1.7 versions...
CVE-2023-45654 WordPress Comments Ratings Plugin <= 1.1.7 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Pixelgrade Comments Ratings plugin = 1.1.7 versions...
CVE-2023-45654 WordPress Comments Ratings Plugin <= 1.1.7 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Pixelgrade Comments Ratings plugin = 1.1.7 versions...
CVE-2023-45654
CVE-2023-45654 is a CSRF vulnerability in Pixelgrade Comments Ratings plugin ≤ 1.1.7. The initial description confirms CSRF, with no explicit exploitation details in the provided documents. NVD metrics show a high base score (8.8) per CVSS 3.1, while PatchStack notes a low-priority/unclear remedi...