Lucene search
K

5 matches found

Cvelist
Cvelist
added 2022/04/18 5:10 p.m.15 views

CVE-2022-1001 WP Downgrade < 1.2.3 - Admin+ Stored Cross-Site Scripting

The WP Downgrade WordPress plugin before 1.2.3 only perform client side validation of its "WordPress Target Version" settings, but does not sanitise and escape it server side, allowing high privilege users such as admin to perform Cross-Site attacks even when the unfilteredhtml capability is...

5.2AI score0.04782EPSS
Exploits4References2
CVE
CVE
added 2022/04/18 5:10 p.m.86 views

CVE-2022-1001

CVE-2022-1001 corresponds to a stored Cross-Site Scripting vulnerability in the WordPress WP Downgrade plugin prior to version 1.2.3. The issue arises because the plugin validates the WordPress Target Version setting only on the client side and does not sanitize/escape it server-side, enabling hi...

4.8CVSS4.8AI score0.04782EPSS
Exploits4References2Affected Software1
Packet Storm
Packet Storm
added 2022/04/07 12:0 a.m.347 views

WordPress WP Downgrade Cross Site Scripting

Tittle: WordPress Plugin WP Downgrade alert/XSS/ Classification Type XSS OWASP top 10 A7: Cross-Site Scripting XSS CWE-79 wpScan: https://wpscan.com/vulnerability/85582b4f-a40a-4394-9834-0c88c5dc57ba TracWordpress: https://plugins.trac.wordpress.org/changeset/2696091...

5.2AI score0.04782EPSS
Exploits4
0day.today
0day.today
added 2022/04/07 12:0 a.m.300 views

WordPress WP Downgrade Plugin < 1.2.3 - Stored Cross-Site Scripting Vulnerability

Tittle: WordPress Plugin WP Downgrade alert/XSS/ Classification Type XSS OWASP top 10 A7: Cross-Site Scripting XSS CWE-79 wpScan: https://wpscan.com/vulnerability/85582b4f-a40a-4394-9834-0c88c5dc57ba TracWordpress: https://plugins.trac.wordpress.org/changeset/2696091...

4.8CVSS5.2AI score0.04782EPSS
Exploits4
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/17 11:4 p.m.11 views

Security Bulletin: WML CE: TensorBoard: Node.js lodash module is vulnerable to a denial of service, caused by a prototype pollution attack.

Summary Node.js lodash module is vulnerable to a denial of service, caused by a prototype pollution attack. TensorBoard uses lodash. A remote attacker could exploit this vulnerability using the merge, mergeWith, and defaultsDeep functions to inject properties onto Object.prototype to crash the...

2.2AI score
Exploits0Affected Software1
Rows per page
Query Builder