17 matches found
WordPress plugin Nonaki cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site...
EUVD-2023-49896
Malicious code in bioql PyPI...
CVE-2021-24872
The Get Custom Field Values WordPress plugin before 4.0 allows users with a role as low as Contributor to access other posts' metadata without validating the permissions. E.g., contributors can access admin posts' metadata...
CVE-2023-45604
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Scott Reilly Get Custom Field Values plugin <= 4.0.1 versions...
CVE-2023-45604
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Scott Reilly Get Custom Field Values plugin <= 4.0.1 versions...
CVE-2023-45604
CVE-2023-45604 affects WordPress users running the Scott Reilly Get Custom Field Values plugin, version
WordPress Get Custom Field Values Plugin <= 4.0.1 is vulnerable to Cross Site Scripting (XSS)
Software: Get Custom Field Values; Type: Plugin; Vulnerable versions: <= 4.0.1; Fixed in: 4.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-45604; Patch priority: Low; CVSS severity: Low (5.9); PSID: 8b0df9061359; Credits: Satoo Nakano; Required privilege...
UBUNTU-CVE-2022-39376
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Users may be able to inject custom fields values in mailto links. This issue has been patched, please...
GLPI input validation error vulnerability
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...
WordPress Get Custom Field Values plugin access control error vulnerability
WordPress is the WordPress Foundation's blogging platform, developed using the PHP language. The platform supports setting up personal blogging sites on PHP and MySQL servers. Get Custom Field Values Plugin is a WordPress open source application plugin. WordPress Get Custom Field Values...
CVE-2021-24872
The Get Custom Field Values WordPress plugin before 4.0 allows users with a role as low as Contributor to access other posts' metadata without validating the permissions. E.g., contributors can access admin posts' metadata...
CVE-2021-24871
The Get Custom Field Values WordPress plugin before 4.0.1 does not escape custom fields before outputting them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks...
CVE-2021-24872
The CVE-2021-24872 entry concerns the WordPress Get Custom Field Values plugin, prior to version 4.0, where users with a low-privilege role (as low as Contributor) can access other posts’ metadata without permission checks. The root cause is an access-control flaw that allows metadata exposure ac...
WordPress plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's blogging platform, developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. Get Custom Field Values Plugin is a WordPress open source application plugin. WordPress Get Custom Field Values Plugin...
WordPress plugin security vulnerability
WordPress is the WordPress Foundation's blogging platform, developed using the PHP language. The platform supports setting up personal blogging sites on PHP and MySQL servers. Get Custom Field Values Plugin is a WordPress open source application plugin. WordPress Get Custom Field Values...
WordPress Get Custom Field Values plugin <= 3.9.4 - Arbitrary Post Metadata Access vulnerability
Arbitrary Post Metadata Access vulnerability discovered by Francesco Carlucci in WordPress Get Custom Field Values plugin versions <= 3.9.4. Solution: Update the WordPress Get Custom Field Values plugin to the latest available version (at least 4.0)...
CVE-2011-1685
CVE-2011-1685 affects Best Practical RT (Request Tracker) versions 3.8.0–3.8.9 and 4.0.0rc–4.0.0rc7, where enabling CustomFieldValuesSources (external custom fields) allows remote authenticated users to execute arbitrary code via CSRF. The vulnerability arises from the external custom field featu...