5 matches found
CVE-2026-44664 fast-xml-builder: Comment Value bypass regex
fast-xml-builder builds XML from JSON. In 1.1.5, the fix for CVE-2026-41650 in fast-xml-parser sanitizes -- sequences in XML comment content using .replace/--/g, '- -'. This skip the values containing three consecutive dashes e.g., ---..., allowing an attacker to break out of an XML comment and...
WordPress AtomChat Plugin <= 1.1.5 is vulnerable to Cross Site Scripting (XSS)
Software AtomChat Type Plugin Vulnerable versions = 1.1.5 Fixed in 1.1.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10232 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 646d1a105951 Credits Peter Thaleikis Required...
WordPress CRM Perks Forms Plugin <= 1.1.5 is vulnerable to Broken Access Control
Software CRM Perks Forms Type Plugin Vulnerable versions = 1.1.5 Fixed in 1.1.6 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37463 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 16266b67c664 Credits Manab Jyoti Dowarah Required...
WordPress AffiEasy Plugin <= 1.1.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software AffiEasy Type Plugin Vulnerable versions = 1.1.4 Fixed in 1.1.6 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-32435 Patch priority Low CVSS severity Low 4.3 Developer AffiEasy PSID 0bbb7a2d55c1 Credits Dhabaleshwar Das Required privile...
WordPress HT Portfolio Plugin <= 1.1.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software HT Portfolio Type Plugin Vulnerable versions = 1.1.5 Fixed in 1.1.6 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-0497 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3421d1e706d1 Credits Lana Codes Required...