73 matches found
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Liquidweb Restrict_Content
CVE-2023-47668 Restrict Content = 3.2.7 - Information Expo...
CVE-2022-43458
Auth. contributor+ Cross-Site Scripting XSS vulnerability in Code Tides Advanced Floating Content plugin = 1.2.1 versions...
CVE-2022-43458
CVE-2022-43458 affects Code Tides Advanced Floating Content plugin (versions ≤ 1.2.1). The issue is a Cross-Site Scripting (XSS) vulnerability exploitable by users with contributor or higher permissions. Root cause details are not specified beyond the XSS exposure. Mitigation: update to a version...
CVE-2023-0067
The Timed Content WordPress plugin before 2.73 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0067 Timed Content < 2.73 - Contributor+ Stored XSS
The Timed Content WordPress plugin before 2.73 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
PT-2023-15984 · WordPress · Timed Content
Name of the Vulnerable Software and Affected Versions: Timed Content WordPress plugin versions prior to 2.73 Description: The issue concerns the Timed Content WordPress plugin, which does not properly validate and escape some of its shortcode attributes before outputting them in a page or post...
CVE-2022-4715 Structured Content < 1.5.1 - Contributor+ Stored XSS in Shortcode
The Structured Content WordPress plugin before 1.5.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
WordPress post-pay-counter plugin injection vulnerability
WordPress is the WordPress Foundation's set of blogging platform using PHP language development. The platform supports PHP and MySQL servers to set up a personal blog site. post-pay-counter is used in one of the online paid content billing, management plug-ins. An injection vulnerability exists i...
Wordpress simplified-content plugin cross-site scripting vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites on PHP and MySQL servers. simplified-content is one of the plug-ins used to simplify the content. A cross-site scripting vulnerability exists in...
Joomla! Component com_commedia - task SQL Injection
Joomla! Component comcommedia - task SQL Injection Exploit Title: Joomla commedia Remote Exploit dork: inurl:index.php?option=comcommedia Date: 18-10-2012 Author: Daniel Barragan "D4NB4R" Twitter: @D4NB4R Vendor: http://www.ecolora.org/ Version: 3.1 last update on Oct 7, 2012 and lowers License:...
Joomla Commedia Plugin (index.php, task parameter) SQL Injection
Exploit for php platform in category web applications Exploit Title: Joomla commedia Remote Exploit dork: inurl:index.php?option=comcommedia Date: 18-10-2012 Author: Daniel Barragan "D4NB4R" Twitter: @D4NB4R Vendor: http://www.ecolora.org/ Version: 3.1 last update on Oct 7, 2012 and lowers Licens...
Joomla Component com_commedia SQL Injection Exploit
Commedia - a component and content plugin that allows you to create a content table containing all of the MP3's that are present in any directory of your site, a FTP-server folder, single path to ftp-file or a HTTPS-server DROPBOX, folder, single path to http-file or http-radio Exploit Title:...
WordPress Featured Content Plugin 0.0.1 - Cross-Site Scripting Vulnerability
Featured Content plugin's "listid" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of an user in the context of the affected site. In this way the attacker can steal...