22 matches found
CVE-2022-0191
The Ad Invalid Click Protector AICP WordPress plugin before 1.2.7 does not have a CSRF check when deleting banned users, which could allow attackers to make a logged-in admin remove arbitrary bans...
EUVD-2022-15394
Malicious code in bioql PyPI...
EUVD-2023-56870
Malicious code in bioql PyPI...
CVE-2023-52197
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Impactpixel Ads Invalid Click Protection allows Stored XSS. This issue affects Ads Invalid Click Protection: from n/a through 1.0...
WordPress Ad Invalid Click Protector (AICP) plugin 1.2.9 - Injected Backdoor vulnerability
Injected Backdoor vulnerability discovered by WordFence in WordPress Plugin Ad Invalid Click Protector AICP versions 1.2.9...
CVE-2023-52197
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Impactpixel Ads Invalid Click Protection allows Stored XSS. This issue affects Ads Invalid Click Protection: from n/a through 1.0...
CVE-2023-52197
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Impactpixel Ads Invalid Click Protection allows Stored XSS. This issue affects Ads Invalid Click Protection: from n/a through 1.0...
CVE-2023-52197 WordPress Ads Invalid Click Protection Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Impactpixel Ads Invalid Click Protection allows Stored XSS. This issue affects Ads Invalid Click Protection: from n/a through 1.0...
CVE-2023-52197
CVE-2023-52197: A stored XSS vulnerability exists in the WordPress plugin Ads Invalid Click Protection (versions
PT-2024-14464 · Impactpixel · Impactpixel Ads Invalid Click Protection
Name of the Vulnerable Software and Affected Versions: Impactpixel Ads Invalid Click Protection versions n/a through 1.0. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows Stored XSS. This means that...
WordPress Plugin Ads Invalid Click Protection Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...
WordPress Ads Invalid Click Protection Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software: Ads Invalid Click Protection; Type: Plugin; Vulnerable versions: = 1.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-52197; Patch priority: Low; CVSS severity: Low (5.9); PSID: a7109297a3e8; Credits: Dhabaleshwar Das; Required...
CVE-2022-0191
The Ad Invalid Click Protector AICP WordPress plugin before 1.2.7 does not have a CSRF check when deleting banned users, which could allow attackers to make a logged-in admin remove arbitrary bans...
CVE-2022-0191
The CVE-2022-0191 entry concerns the Ad Invalid Click Protector (AICP) WordPress plugin prior to version 1.2.7. The root cause is a missing CSRF check when deleting banned users, allowing a logged-in administrator to remove arbitrary bans via CSRF. Documents confirm this affects the AICP plugin a...
WordPress plugin Ad Invalid Click Protector Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Ad Invalid Click Protector plugin versions prior to 1.2.7 are vulnerable to cross-site...
Ad Invalid Click Protector (AICP) < 1.2.7 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting. PoC...
Ad Invalid Click Protector (AICP) < 1.2.7 - Arbitrary Ban Deletion via CSRF
The plugin does not have a CSRF check when deleting banned users, which could allow attackers to make a logged-in admin remove arbitrary bans. PoC: https://example.com/wp-admin/admin.php?page=aicpbanneduserdetails&action=delete&id=1...
Ad Invalid Click Protector (AICP) < 1.2.7 - Arbitrary Ban Deletion via CSRF
The plugin does not have a CSRF check when deleting banned users, which could allow attackers to make a logged-in admin remove arbitrary bans. https://example.com/wp-admin/admin.php?page=aicpbanneduserdetails&action=delete&id=1...
Ad Invalid Click Protector (AICP) < 1.2.7 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting alert/XSS/' /...
CVE-2022-0190
The CVE-2022-0190 entry concerns the Ad Invalid Click Protector (AICP) WordPress plugin, affected in versions prior to 1.2.6. The root cause is a SQL Injection vulnerability in the id parameter of the delete action, enabling an attacker to manipulate database queries. Impact is described as Parti...