6 matches found
CVE-2023-41657
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Groundhogg Inc. HollerBox plugin = 2.3.2 versions...
CVE-2023-41657
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Groundhogg Inc. HollerBox plugin = 2.3.2 versions...
Cross site scripting
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Groundhogg Inc. HollerBox plugin = 2.3.2 versions...
CVE-2023-41657
CVE-2023-41657 describes an Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in the Groundhogg HollerBox WordPress plugin, affecting versions
CVE-2023-2111 HollerBox < 2.1.4 - Admin+ SQL Injection
The Fast & Effective Popups & Lead-Generation for WordPress plugin before 2.1.4 concatenates user input into an SQL query without escaping it first in the plugin's report API endpoint, which could allow administrators in multi-site configuration to leak sensitive information from the site's...
WordPress HollerBox Plugin <= 2.1.3 is vulnerable to SQL Injection
Software HollerBox Type Plugin Vulnerable versions = 2.1.3 Fixed in 2.1.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-2111 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 81f314d3ef98 Credits rSolutions Security Team Required privilege Administrato...