147 matches found
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: cortex, kubeflow, aactl, kubescape, slsa-verifier, up, vault-csi-provider, spark-operator, aws-efs-csi-driver-fips, falco, kubernetes-csi-livenessprobe-fips, falcoctl-fips, dynamic-localpv-provisioner-fips, kubernetes-csi-livenessprobe,...
GHSA-QPPJ-FM5R-HXR3 vulnerabilities
Vulnerabilities for packages: metacontroller, flux-source-controller, nodetaint, flux-notification-controller, pulumi-language-dotnet, prometheus-blackbox-exporter, gitness, ko, coredns, buildkitd, nghttp2, prometheus-adapter, node-problem-detector, flux-kustomize-controller, kpt, rqlite,...
CVE-2023-2254
The Ko-fi Button WordPress plugin before 1.3.3 does not properly some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disallowed for example in multisite setup, and we consider it a low risk...
CVE-2023-2254
The Ko-fi Button WordPress plugin before 1.3.3 does not properly some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disallowed for example in multisite setup, and we consider it a low risk...
Cross site scripting
The Ko-fi Button WordPress plugin before 1.3.3 does not properly some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disallowed for example in multisite setup, and we consider it a low risk...
CVE-2023-2254 Ko-fi Button < 1.3.3 - Admin+ Stored XSS
The Ko-fi Button WordPress plugin before 1.3.3 does not properly some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disallowed for example in multisite setup, and we consider it a low risk...
CVE-2023-2254
CVE-2023-2254 affects the Ko-fi Button WordPress plugin prior to v1.3.3. Root cause: improper handling of plugin settings enables Admin+ Stored XSS, even if unfiltered_html is disabled. Impact is described as low risk (per several sources). The fix is to update to v1.3.3 or later (patched version...
WordPress Plugin Ko-fi Button 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-18557 · WordPress · Ko-Fi Button
Name of the Vulnerable Software and Affected Versions: Ko-fi Button WordPress plugin versions prior to 1.3.3 Description: The issue concerns the Ko-fi Button WordPress plugin, which does not properly handle some of its settings. This could allow high-privilege users to perform Stored Cross-Site...
CVE-2023-26515
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Ko Takagi Simple Slug Translate plugin = 2.7.2 versions...
CVE-2023-26515 WordPress Simple Slug Translate Plugin <= 2.7.2 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Ko Takagi Simple Slug Translate plugin = 2.7.2 versions...
CVE-2023-26515
CVE-2023-26515 affects the WordPress plugin Simple Slug Translate (Ko Takagi) , versioned ≤ 2.7.2. The issue is a Stored XSS requiring admin+ privileges . A fix is available in version 2.7.3 ; affected users should upgrade to 2.7.3 or later. Other sources corroborate the same vulnerability scope ...
PT-2023-20694 · Unknown · Ko Takagi Simple Slug Translate
Name of the Vulnerable Software and Affected Versions: Ko Takagi Simple Slug Translate plugin versions prior to 2.7.3 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. Recommendations: For versions prior to...
CVE-2023-24535 vulnerabilities
Vulnerabilities for packages: ko...
CVE-2023-24535 vulnerabilities
Vulnerabilities for packages: ko...
ko-re-a.org Cross Site Scripting vulnerability OBB-3377908
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-30551 vulnerabilities
Vulnerabilities for packages: apko, aactl, ko...
GHSA-2H5H-59F5-C5X9 vulnerabilities
Vulnerabilities for packages: apko, aactl, ko...
GHSA-2H5H-59F5-C5X9 vulnerabilities
Vulnerabilities for packages: aactl, apko, ko...
WordPress Ko-fi Button Plugin < 1.3.3 is vulnerable to Cross Site Scripting (XSS)
Software Ko-fi Button Type Plugin Vulnerable versions 1.3.3 Fixed in 1.3.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2254 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID af182fbd1aaa Credits Felipe Restrepo Rodriguez...