20 matches found
EUVD-2023-50989
Malicious code in bioql PyPI...
CVE-2023-46823
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Avirtum ImageLinks Interactive Image Builder for WordPress allows SQL Injection. This issue affects ImageLinks Interactive Image Builder for WordPress: from n/a through 1.5.4...
CVE-2022-4393
The ImageLinks Interactive Image Builder for WordPress plugin through 1.5.3 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
ImageLinks Interactive Image Builder < 1.6.0 - Admin+ SQLi
Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
CVE-2023-46823
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Avirtum ImageLinks Interactive Image Builder for WordPress allows SQL Injection. This issue affects ImageLinks Interactive Image Builder for WordPress: from n/a through 1.5.4...
Sql injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Avirtum ImageLinks Interactive Image Builder for WordPress allows SQL Injection. This issue affects ImageLinks Interactive Image Builder for WordPress: from n/a through 1.5.4...
CVE-2023-46823 WordPress ImageLinks Interactive Image Builder Plugin <= 1.5.4 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Avirtum ImageLinks Interactive Image Builder for WordPress allows SQL Injection. This issue affects ImageLinks Interactive Image Builder for WordPress: from n/a through 1.5.4...
CVE-2023-46823 WordPress ImageLinks Interactive Image Builder Plugin <= 1.5.4 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Avirtum ImageLinks Interactive Image Builder for WordPress allows SQL Injection. This issue affects ImageLinks Interactive Image Builder for WordPress: from n/a through 1.5.4...
CVE-2023-46823
The WordPress plugin ImageLinks Interactive Image Builder for WordPress has a SQL injection vulnerability (CVE-2023-46823) in versions
WordPress Plugin ImageLinks Interactive Image Builder for WordPress SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin ImageLinks Interactiv...
PT-2023-30238 · WordPress · Avirtum Imagelinks Interactive Image Builder
Name of the Vulnerable Software and Affected Versions: Avirtum ImageLinks Interactive Image Builder for WordPress versions 1.5.4 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows f...
WordPress ImageLinks Interactive Image Builder Plugin <= 1.5.4 is vulnerable to SQL Injection
Software: ImageLinks Interactive Image Builder; Type: Plugin; Vulnerable versions: <= 1.5.4; Fixed in: 1.6.0; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2023-46823; Patch priority: Low; CVSS severity: Low 7.6; PSID: de9ca3aa968d; Credits: Muhammad Daffa; Required...
CVE-2022-4393
The ImageLinks Interactive Image Builder for WordPress plugin through 1.5.3 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
Cross site scripting
The ImageLinks Interactive Image Builder for WordPress plugin through 1.5.3 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2022-4393 ImageLinks Interactive Image Builder for WordPress <= 1.5.3 - Contributor+ Stored XSS
The ImageLinks Interactive Image Builder for WordPress plugin through 1.5.3 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2022-4393
The CVE describes a Stored XSS vulnerability in the ImageLinks Interactive Image Builder for WordPress plugin, affecting versions up to 1.5.3, where certain settings are not properly sanitised/escaped. Multiple connected sources confirm that an attacker with Contributor+ or similar low privileges...
WordPress Plugin ImageLinks Interactive Image Builder Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
ImageLinks Interactive Image Builder for WordPress < 1.5.4 - Contributor+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC 1. Create a new vision item with whatever role, even if it's an Administrator. 2...
ImageLinks Interactive Image Builder for WordPress < 1.5.4 - Contributor+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 1. Create a new vision item with whatever role, even if it's an Administrator. 2. Connec...
WordPress ImageLinks Interactive Image Builder plugin <= 1.5.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by WPScanTeam in WordPress ImageLinks Interactive Image Builder plugin versions <= 1.5.2. Solution: Update the WordPress ImageLinks Interactive Image Builder plugin to the latest available version (at least 1.5.3)...