EUVD-2023-27909

Malicious code in bioql PyPI...

EUVD-2023-53197

Malicious code in bioql PyPI...

CVE-2023-23823

Missing Authorization vulnerability in Clever Widgets Enhanced Text Widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Enhanced Text Widget: from n/a through 1.5.8...

CVE-2023-49192

Missing Authorization vulnerability in cl272 Enhanced Text Widget enhanced-text-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Enhanced Text Widget: from n/a through = 1.6.3...

CVE-2023-49192

Missing Authorization vulnerability in cl272 Enhanced Text Widget enhanced-text-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Enhanced Text Widget: from n/a through = 1.6.3...

CVE-2023-23823

Missing Authorization vulnerability in Clever Widgets Enhanced Text Widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Enhanced Text Widget: from n/a through 1.5.8...

CVE-2023-23823

CVE-2023-23823 refers to a missing authorization vulnerability in the WordPress plugin Enhanced Text Widget up to version 1.5.8 . The underlying issue is a failure in access control (broken authorization) that could allow unauthorized actions on the widget. The CVSS base score is 4.3 (Medium) , w...

CVE-2023-23823 WordPress Enhanced Text Widget plugin <= 1.5.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in Clever Widgets Enhanced Text Widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Enhanced Text Widget: from n/a through 1.5.8...

CVE-2023-23823 WordPress Enhanced Text Widget plugin <= 1.5.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in Clever Widgets Enhanced Text Widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Enhanced Text Widget: from n/a through 1.5.8...

WordPress plugin Enhanced Text Widget 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-12001 · Unknown · Clever Widgets Enhanced Text Widget

Name of the Vulnerable Software and Affected Versions: Clever Widgets Enhanced Text Widget versions 1.5.8 and earlier Description: The issue is related to a Missing Authorization vulnerability in the Enhanced Text Widget, which allows exploiting incorrectly configured access control security...

PT-2024-13689 · Unknown · Clever Widgets Enhanced Text Widget

Name of the Vulnerable Software and Affected Versions: Clever Widgets Enhanced Text Widget versions 1.6.3 and earlier Description: The issue is related to a Missing Authorization vulnerability in the Enhanced Text Widget, which allows exploiting incorrectly configured access control security...

WordPress plugin Enhanced Text Widget 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress Enhanced Text Widget plugin <= 1.6.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin Enhanced Text Widget versions = 1.6.4...

CVE-2024-0559

The Enhanced Text Widget WordPress plugin before 1.6.6 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is...

CVE-2024-0559

The CVE-2024-0559 entry concerns the Enhanced Text Widget WordPress plugin (pre-1.6.6). The issue is that certain Widget options are not properly validated or escaped before being echoed in attributes, allowing Stored XSS by high-privilege users (e.g., administrators) even when unfiltered_html is...

WordPress Plugin Enhanced Text Widget Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

PT-2024-15658 · WordPress · Enhanced Text Widget

Name of the Vulnerable Software and Affected Versions: Enhanced Text Widget WordPress plugin versions prior to 1.6.6 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for...

WordPress Enhanced Text Widget Plugin < 1.6.6 is vulnerable to Cross Site Scripting (XSS)

Software Enhanced Text Widget Type Plugin Vulnerable versions 1.6.6 Fixed in 1.6.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0559 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 59b7618d5a60 Credits Dmitrii Ignatyev...

Enhanced Text Widget < 1.6.6 - Admin+ Stored XSS

Description The plugin does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...