21 matches found
CVE-2024-33941
Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder. This issue affects iPanorama 360 WordPress Virtual Tour Builder: from n/a through 1.8.1...
CVE-2024-38690 WordPress iPanorama 360 plugin <= 1.8.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects iPanorama 360 WordPress Virtual Tour Builder: from n/a through 1.8.3...
CVE-2024-38690 WordPress iPanorama 360 plugin <= 1.8.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects iPanorama 360 WordPress Virtual Tour Builder: from n/a through 1.8.3...
iPanorama 360 WordPress Virtual Tour Builder < 1.8.2 - Missing Authorization
Description: The iPanorama 360 WordPress Virtual Tour Builder plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on a REST API endpoint in versions up to, and including, 1.8.1. This makes it possible for unauthenticated attackers to view deactivated...
CVE-2024-33941 WordPress iPanorama 360 plugin <= 1.8.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder. This issue affects iPanorama 360 WordPress Virtual Tour Builder: from n/a through 1.8.1...
CVE-2024-33941 WordPress iPanorama 360 plugin <= 1.8.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder. This issue affects iPanorama 360 WordPress Virtual Tour Builder: from n/a through 1.8.1...
WordPress iPanorama 360 WordPress Virtual Tour Builder Plugin <= 1.8.1 is vulnerable to Broken Access Control
Software: iPanorama 360 WordPress Virtual Tour Builder; Type: Plugin; Vulnerable versions: <= 1.8.1; Fixed in: 1.8.2; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-33941; Patch priority: Low; CVSS severity: Low 5.3; PSID: 3a0c2aa84662; Credits...
CVE-2023-5336
The iPanorama 360 – WordPress Virtual Tour Builder plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
SQL injection
The iPanorama 360 – WordPress Virtual Tour Builder plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2023-5336
CVE-2023-5336 affects the iPanorama 360 – WordPress Virtual Tour Builder plugin for WordPress. It is vulnerable to SQL Injection via shortcode in versions up to and including 1.8.0 due to insufficient escaping of user-supplied parameters and inadequate preparation of the SQL query. This allows au...
CVE-2023-5336 iPanorama 360 – WordPress Virtual Tour Builder <= 1.8.0 - Authenticated (Contributor+) SQL Injection via Shortcode
The iPanorama 360 – WordPress Virtual Tour Builder plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2023-5336 iPanorama 360 – WordPress Virtual Tour Builder <= 1.8.0 - Authenticated (Contributor+) SQL Injection via Shortcode
The iPanorama 360 – WordPress Virtual Tour Builder plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
WordPress iPanorama 360 WordPress Virtual Tour Builder Plugin <= 1.8.0 is vulnerable to SQL Injection
Software: iPanorama 360 WordPress Virtual Tour Builder; Type: Plugin; Vulnerable versions: <= 1.8.0; Fixed in: 1.8.1; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-5336; Patch priority: Low; CVSS severity: Low 8.8; PSID: 25ea3eb9ee79; Credits: István Márton; Require...
WordPress iPanorama 360 WordPress Virtual Tour Builder Plugin < 1.8.0 is vulnerable to SQL Injection
Software: iPanorama 360 WordPress Virtual Tour Builder; Type: Plugin; Vulnerable versions: < 1.8.0; Fixed in: 1.8.0; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: N/A; Patch priority: Low; CVSS severity: Low 7.6; PSID: fc24718ff856; Credits: Unknown; Required privilege...
CVE-2022-4392
The iPanorama 360 WordPress Virtual Tour Builder plugin through 1.6.29 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2022-4392
The iPanorama 360 WordPress Virtual Tour Builder plugin through 1.6.29 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2022-4392
Product: iPanorama 360 WordPress Virtual Tour Builder plugin (= 1.6.30) or apply vendor advisories/workarounds. Notes: Public PoCs exist demonstrating the Stored XSS behavior; exploitation details are documented in multiple sources (e.g., WPScan, PT Security, Red Hat CVE pages).
CVE-2022-4392 iPanorama 360 WordPress Virtual Tour Builder <= 1.6.29 - Contributor+ Stored XSS
The iPanorama 360 WordPress Virtual Tour Builder plugin through 1.6.29 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2022-4392 iPanorama 360 WordPress Virtual Tour Builder <= 1.6.29 - Contributor+ Stored XSS
The iPanorama 360 WordPress Virtual Tour Builder plugin through 1.6.29 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
PT-2023-14399 · WordPress · Avirtum Ipanorama 360 Wordpress Virtual Tour Builder
Name of the Vulnerable Software and Affected Versions: iPanorama 360 WordPress Virtual Tour Builder plugin versions 1.6.29 and earlier Description: The issue allows users, such as those with contributor+ permissions, to perform Stored Cross-Site Scripting attacks. This is possible because some...