7 matches found
EUVD-2024-33081
Malicious code in bioql PyPI...
CVE-2024-10390
The Elfsight Telegram Chat CC plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'updatePreferences' function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-10390
The Elfsight Telegram Chat CC plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'updatePreferences' function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-10390 Elfsight Telegram Chat CC <= 1.1.0 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
The Elfsight Telegram Chat CC plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'updatePreferences' function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-10390
CVE-2024-10390 affects the Elfsight Telegram Chat CC WordPress plugin (versions up to and including 1.1.0). The issue is a missing capability check in updatePreferences, enabling authenticated attackers with subscriber-level access and above to inject arbitrary scripts into pages, executed when a...
CVE-2024-10390 Elfsight Telegram Chat CC <= 1.1.0 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
The Elfsight Telegram Chat CC plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'updatePreferences' function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with subscriber-level access and...
WordPress Elfsight Telegram Chat CC Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)
Software Elfsight Telegram Chat CC Type Plugin Vulnerable versions = 1.1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10390 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 79fba1da063a Credits István...