WordPress plugin Image Hover Effects 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-17169 · WordPress · Image Hover Effects – Elementor Addon

Name of the Vulnerable Software and Affected Versions: Image Hover Effects – Elementor Addon plugin for WordPress versions up to, and including, 1.4.1 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the Image Hover Effects...

WordPress Image Hover Effects - Elementor Addon plugin <= 1.4.1 - Authenticated(Contributor+) DOM-based Stored Cross-Site Scripting via Image Hover Effects Widget vulnerability

WordPress Image Hover Effects - Elementor Addon plugin = 1.4.1 - AuthenticatedContributor+ DOM-based Stored Cross-Site Scripting via Image Hover Effects Widget vulnerability discovered by Webbernaut in WordPress Plugin Image Hover Effects – Elementor Addon versions = 1.4.1...

WordPress Image Hover Effects – Elementor Addon Plugin <= 1.4.1 is vulnerable to Cross Site Scripting (XSS)

Software Image Hover Effects – Elementor Addon Type Plugin Vulnerable versions = 1.4.1 Fixed in 1.4.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1166 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 9e71e545cdb1 Credits...

The vulnerability of the Grafana monitoring and observation platform lies in the improper handling of input during the creation of web pages. This allows attackers to execute cross-site scripting (XSS) attacks.

The vulnerability of the Grafana monitoring and observation platform lies in the need to select a forged function and navigate the mouse pointer over the description. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks XSS...

CVE-2024-29936 WordPress Image Hover Effects – Elementor Addon plugin <= 1.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Blocksera Image Hover Effects – Elementor Addon allows Stored XSS.This issue affects Image Hover Effects – Elementor Addon: from n/a through 1.4...

CVE-2024-29936 WordPress Image Hover Effects – Elementor Addon plugin <= 1.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Blocksera Image Hover Effects – Elementor Addon allows Stored XSS.This issue affects Image Hover Effects – Elementor Addon: from n/a through 1.4...

WordPress Plugin Image Hover Effects 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

CVE-2024-22415 Unsecured endpoints in the jupyter-lsp server extension

jupyter-lsp is a coding assistance tool for JupyterLab code navigation + hover suggestions + linters + autocompletion + rename using Language Server Protocol. Installations of jupyter-lsp running in environments without configured file system access control on the operating system level, and with...

CVE-2023-49088

Cacti is an open source operational monitoring and fault management framework. The fix applied for CVE-2023-39515 in version 1.2.25 is incomplete as it enables an adversary to have a victim browser execute malicious code when a victim user hovers their mouse over the malicious data source path in...

DEBIAN-CVE-2023-49088

Cacti is an open source operational monitoring and fault management framework. The fix applied for CVE-2023-39515 in version 1.2.25 is incomplete as it enables an adversary to have a victim browser execute malicious code when a victim user hovers their mouse over the malicious data source path in...

UBUNTU-CVE-2023-49088

Cacti is an open source operational monitoring and fault management framework. The fix applied for CVE-2023-39515 in version 1.2.25 is incomplete as it enables an adversary to have a victim browser execute malicious code when a victim user hovers their mouse over the malicious data source path in...

Image Hover Effects <= 5.5 - Cross-Site Request Forgery

Description The Image Hover Effects plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.5. This is due to missing or incorrect nonce validation on the savecaptionoptions function. This makes it possible for unauthenticated attackers to modify the...

CVE-2023-47552

Cross-Site Request Forgery CSRF vulnerability in Labib Ahmed Image Hover Effects – WordPress Plugin.This issue affects Image Hover Effects – WordPress Plugin: from n/a through 5.5...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Labib Ahmed Image Hover Effects – WordPress Plugin.This issue affects Image Hover Effects – WordPress Plugin: from n/a through 5.5...

CVE-2023-47552

CVE-2023-47552: CSRF vulnerability in Image Hover Effects – WordPress Plugin (affected versions up to 5.5). Root cause per sources: lack of proper CSRF protection; patch released in 5.6. Severity/impact vary by source (NVD lists high/8.8 CVSS; Patchstack/Wordfence show medium to low depending on ...

WordPress Plugin Image Hover Effects Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

WordPress Image Hover Effects Plugin <= 5.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software Image Hover Effects Type Plugin Vulnerable versions = 5.5 Fixed in 5.6 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-47552 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 874791ac1a6b Credits Abdi Pranata Requir...

Huawei HarmonyOS 代码问题漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from an input validation error vulnerability that stems from improper parameter checks in the window module. An attacker could explo...

CVE-2023-44239

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Jobin Jose WWM Social Share On Image Hover plugin = 2.2 versions...