EUVD-2023-27919

Malicious code in bioql PyPI...

CVE-2023-23833

Auth. contributor+ Cross-Site Scripting XSS vulnerability in Steven Henty Drop Shadow Boxes plugin = 1.7.10 versions...

CVE-2023-5469

The Drop Shadow Boxes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dropshadowbox' shortcode in versions up to, and including, 1.7.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

CVE-2024-10262

The The Drop Shadow Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.14. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible fo...

WordPress plugin The Drop Shadow Boxes 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code injection vulnerability exists in...

WordPress Drop Shadow Boxes plugin <= 1.7.14 - Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability

Authenticated Subscriber+ Arbitrary Shortcode Execution vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Drop Shadow Boxes versions = 1.7.14...

PT-2024-16143 · WordPress · Drop Shadow Boxes

Name of the Vulnerable Software and Affected Versions: Drop Shadow Boxes plugin for WordPress versions up to, and including, 1.7.14 Description: The issue is related to arbitrary shortcode execution due to the software allowing users to execute an action that does not properly validate a value...

WordPress Drop Shadow Boxes Plugin <= 1.7.14 is vulnerable to Arbitrary Code Execution

Software Drop Shadow Boxes Type Plugin Vulnerable versions = 1.7.14 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary Code Execution CVE CVE-2024-10262 Patch priority High CVSS severity High 6.3 Developer Claim ownership PSID ab9605f66d27 Credits Arkadiusz Hydzik Required privilege...

CVE-2023-5469

The Drop Shadow Boxes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dropshadowbox' shortcode in versions up to, and including, 1.7.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

CVE-2023-5469

Drop Shadow Boxes (WordPress plugin) is vulnerable to stored XSS via the dropshadowbox shortcode in versions up to 1.7.13 due to insufficient input sanitization and output escaping on shortcode attributes. Authenticated attackers with contributor-level or higher permissions can inject scripts tha...

PT-2023-32124 · WordPress · Drop Shadow Boxes

Name of the Vulnerable Software and Affected Versions: Drop Shadow Boxes plugin for WordPress versions up to, and including, 1.7.13 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the dropshadowbox shortcode. This allows...

WordPress Plugin Drop Shadow Boxes Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

WordPress Drop Shadow Boxes Plugin <= 1.7.13 is vulnerable to Cross Site Scripting (XSS)

Software Drop Shadow Boxes Type Plugin Vulnerable versions = 1.7.13 Fixed in 1.7.14 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5469 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID fdec3ba1fce0 Credits István Márton Requir...

CVE-2023-23833

Auth. contributor+ Cross-Site Scripting XSS vulnerability in Steven Henty Drop Shadow Boxes plugin = 1.7.10 versions...

Cross site scripting

Auth. contributor+ Cross-Site Scripting XSS vulnerability in Steven Henty Drop Shadow Boxes plugin = 1.7.10 versions...

CVE-2023-23833

CVE-2023-23833 describes an authenticated Cross-Site Scripting (XSS) vulnerability in the WordPress Drop Shadow Boxes plugin, affecting versions ≤ 1.7.10. The issue stems from improper escaping of input parameters, enabling a contributor-or-higher user to inject scripts into a site. Reported impa...

CVE-2023-23833 WordPress Drop Shadow Boxes Plugin <= 1.7.10 is vulnerable to Cross Site Scripting (XSS)

Auth. contributor+ Cross-Site Scripting XSS vulnerability in Steven Henty Drop Shadow Boxes plugin = 1.7.10 versions...

CVE-2023-23833 WordPress Drop Shadow Boxes Plugin <= 1.7.10 is vulnerable to Cross Site Scripting (XSS)

Auth. contributor+ Cross-Site Scripting XSS vulnerability in Steven Henty Drop Shadow Boxes plugin = 1.7.10 versions...

WordPress Plugin Drop Shadow Boxes 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress Drop Shadow Boxes Plugin < 1.7.12 is vulnerable to Cross Site Scripting (XSS)

Software Drop Shadow Boxes Type Plugin Vulnerable versions 1.7.12 Fixed in 1.7.12 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 8cdb65eb9ed4 Credits Rafie Muhammad Patchstack...