WordPress Image Hover Effects Ultimate plugin <= 9.10.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Image Hover Effects Ultimate versions = 9.10.5...

EUVD-2022-45532

Malicious code in bioql PyPI...

CVE-2022-4207

The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several values that can be added to an Image Hover in versions 9.8.1 to 9.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to...

Cross site scripting

The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several values that can be added to an Image Hover in versions 9.8.1 to 9.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to...

CVE-2022-4207

CVE-2022-4207 affects the WordPress plugin Image Hover Effects Ultimate (versions 9.8.1–9.8.4). The root cause is insufficient input sanitization and output escaping in multiple values added to an Image Hover, allowing Stored XSS by authenticated users. Exploitation could occur when a site admin ...

CVE-2022-42459

Auth. WordPress Options Change vulnerability in Image Hover Effects Ultimate plugin = 9.7.1 on WordPress...

Code injection

Auth. WordPress Options Change vulnerability in Image Hover Effects Ultimate plugin = 9.7.1 on WordPress...

CVE-2022-42459

CVE-2022-42459 affects the WordPress Image Hover Effects Ultimate plugin (versions

WordPress plugin Image Hover Effects Ultimate 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

Cross site scripting

The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title & Description values that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2022-2936

The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Video Link values that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2022-2935

CVE-2022-2935 affects the Image Hover Effects Ultimate WordPress plugin (versions up to and including 9.7.3). The root cause is insufficient input sanitization and output escaping in the Media Image URL value added to an Image Hover. This enables Stored XSS where an authenticated attacker can inj...

CVE-2022-2936 Image Hover Effects Ultimate <= 9.7.3 - Authenticated Stored Cross-Site Scripting via Video Link

The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Video Link values that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2022-2936

The CVE-2022-2936 issue affects the WordPress plugin Image Hover Effects Ultimate (versions up to and including 9.7.3). It is a Stored Cross-Site Scripting vulnerability caused by insufficient input sanitization and output escaping of Video Link values added to an Image Hover. Authenticated attac...

CVE-2022-29424

Authenticated admin or higher user role Reflected Cross-Site Scripting XSS vulnerability in Biplob Adhikari's Image Hover Effects Ultimate plugin = 9.7.1 at WordPress...

CVE-2022-29424

CVE-2022-29424 describes an authenticated Reflected Cross-Site Scripting (XSS) in WordPress Image Hover Effects Ultimate plugin up to version 9.7.1. The root cause is lack of data validation/filtering of user-supplied data and insufficient output escaping on an admin page, enabling an admin+ user...

CVE-2022-29424

Authenticated admin or higher user role Reflected Cross-Site Scripting XSS vulnerability in Biplob Adhikari's Image Hover Effects Ultimate plugin = 9.7.1 at WordPress...

WordPress Image Hover Effects Ultimate plugin <= 9.7.1 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Authenticated Reflected Cross-Site Scripting XSS vulnerability discovered by Nguy Minh Tuan Patchstack Alliance in WordPress Image Hover Effects Ultimate plugin versions = 9.7.1. Solution Update the WordPress Image Hover Effects Ultimate plugin to the latest available version at least 9.7.2...

Cross site scripting

The Image Hover Effects Ultimate Image Gallery, Effects, Lightbox, Comparison or Magnifier WordPress plugin before 9.7.1 does not escape the effects parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting...

CVE-2021-25031

The CVE concerns WordPress plugin Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Comparison or Magnifier) versions before 9.7.1. The root cause is failure to escape the effects parameter when echoed into an attribute on an admin page, enabling a Reflected Cross-Site Scripting (XS...