EUVD-2023-50989

Malicious code in bioql PyPI...

CVE-2022-4393

The ImageLinks Interactive Image Builder for WordPress plugin through 1.5.3 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

CVE-2023-46823

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Avirtum ImageLinks Interactive Image Builder for WordPress allows SQL Injection.This issue affects ImageLinks Interactive Image Builder for WordPress: from n/a through 1.5.4...

CVE-2023-46823

A vulnerability in Avirtum ImageLinks Interactive Image Builder imagelinks-interactive-image-builder-lite.This issue affects ImageLinks Interactive Image Builder: from n/a through = 1.5.4...

Sql injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Avirtum ImageLinks Interactive Image Builder for WordPress allows SQL Injection.This issue affects ImageLinks Interactive Image Builder for WordPress: from n/a through 1.5.4...

CVE-2023-46823 WordPress ImageLinks Interactive Image Builder Plugin <= 1.5.4 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Avirtum ImageLinks Interactive Image Builder for WordPress allows SQL Injection.This issue affects ImageLinks Interactive Image Builder for WordPress: from n/a through 1.5.4...

WordPress ImageLinks Interactive Image Builder Plugin <= 1.5.4 is vulnerable to SQL Injection

Software ImageLinks Interactive Image Builder Type Plugin Vulnerable versions = 1.5.4 Fixed in 1.6.0 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-46823 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID de9ca3aa968d Credits Muhammad Daffa Required...

CVE-2022-4393

The ImageLinks Interactive Image Builder for WordPress plugin through 1.5.3 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

CVE-2022-4393 ImageLinks Interactive Image Builder for WordPress <= 1.5.3 - Contributor+ Stored XSS

The ImageLinks Interactive Image Builder for WordPress plugin through 1.5.3 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

ImageLinks Interactive Image Builder for WordPress < 1.5.4 - Contributor+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. 1. Create a new vision item with whatever role, even if it's an Administrator. 2. Connec...

WordPress ImageLinks Interactive Image Builder plugin <= 1.5.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by WPScanTeam in WordPress ImageLinks Interactive Image Builder plugin versions = 1.5.2. Solution Update the WordPress ImageLinks Interactive Image Builder plugin to the latest available version at least 1.5.3...