Lucene search
K

62 matches found

Positive Technologies
Positive Technologies
added 2024/07/03 12:0 a.m.4 views

PT-2024-37493 · WordPress · Wp Lightbox 2

Name of the Vulnerable Software and Affected Versions: WP Lightbox 2 plugin for WordPress versions up to, and including, 3.0.6.6 Description: The issue is related to Stored Cross-Site Scripting via the title parameter due to insufficient input sanitization and output escaping. This allows...

6.4CVSS6AI score0.00342EPSS
Exploits0References7
Patchstack
Patchstack
added 2024/06/28 6:39 a.m.6 views

WordPress Gallery Blocks with Lightbox plugin <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via galleryID and className Parameters vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via galleryID and className Parameters vulnerability discovered by Webbernaut in WordPress Plugin SimpLy Gallery versions = 3.2.1...

6.4CVSS5.8AI score0.0047EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/06/18 6:15 a.m.3 views

CVE-2024-3276

The Lightbox & Modal Popup WordPress Plugin WordPress plugin before 2.7.28, foobox-image-lightbox-premium WordPress plugin before 2.7.28 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when...

4.8CVSS5.8AI score0.00335EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2024/06/18 12:0 a.m.4 views

PT-2024-24832 · WordPress · Foobox-Image-Lightbox-Premium +1

Name of the Vulnerable Software and Affected Versions: The Lightbox & Modal Popup WordPress Plugin versions prior to 2.7.28 foobox-image-lightbox-premium WordPress plugin versions prior to 2.7.28 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site...

6.1CVSS5.6AI score0.00335EPSS
Exploits2References5
CVE
CVE
added 2024/06/06 2:2 a.m.42 views

CVE-2024-4194

Affected software. The Album and Image Gallery plus Lightbox (WordPress plugin) is vulnerable up to version 2.0. The issue is due to improper validation of a value before do_shortcode, enabling unauthenticated attackers to execute arbitrary shortcodes. This CVE is corroborated by multiple sources...

7.3CVSS7.1AI score0.00478EPSS
Exploits0References4Affected Software1
Patchstack
Patchstack
added 2024/06/06 12:0 a.m.13 views

WordPress Album and Image Gallery plus Lightbox Plugin <= 2.0 is vulnerable to Broken Access Control

Software Album and Image Gallery plus Lightbox Type Plugin Vulnerable versions = 2.0 Fixed in 2.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-4194 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 3971913257ef Credits...

7.3CVSS6.5AI score0.00478EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/11/03 1:15 p.m.3 views

CVE-2023-5945

The video carousel slider with lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the responsivevideogallerywithlightboxvideomanagementfunc function. This makes it possible for unauthenticated attackers...

5.4CVSS5.7AI score0.00309EPSS
Exploits1References4Affected Software1
Patchstack
Patchstack
added 2023/11/03 12:0 a.m.20 views

WordPress video carousel slider with lightbox Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software video carousel slider with lightbox Type Plugin Vulnerable versions = 1.0 Fixed in 1.0.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-5945 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1fb4a457923c Credits Al...

5.4CVSS6.6AI score0.00309EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2023/11/03 12:0 a.m.4 views

WordPress Plugin video carousel slider with lightbox Cross-site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

5.4CVSS6.8AI score0.00309EPSS
Exploits1References4
Patchstack
Patchstack
added 2023/10/12 12:0 a.m.11 views

WordPress Thumbnail Slider With Lightbox Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Thumbnail Slider With Lightbox Type Plugin Vulnerable versions = 1.0 Fixed in 1.0.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-5531 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID fe76aeae2c6a Credits Ala...

4.3CVSS6.6AI score0.00259EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2023/08/25 12:15 p.m.25 views

CVE-2023-32797

Unauth. Reflected Cross-Site Scripting XSS vulnerability in I Thirteen Web Solution video carousel slider with lightbox plugin = 1.0.22 versions...

7.1CVSS6.2AI score0.00309EPSS
Exploits0References1
CVE
CVE
added 2023/08/25 11:28 a.m.55 views

CVE-2023-32797

CVE-2023-32797 is an unauthenticated reflected XSS vulnerability in the WordPress plugin “I Thirteen Web Solution video carousel slider with lightbox” (versions

7.1CVSS6AI score0.00309EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/08/25 12:0 a.m.5 views

PT-2023-24031 · I Thirteen Web Solution · Video Carousel Slider With Lightbox Plugin

Name of the Vulnerable Software and Affected Versions: I Thirteen Web Solution video carousel slider with lightbox plugin versions 1.0.22 and earlier Description: The issue is related to an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker could potentially...

7.1CVSS5.9AI score0.00309EPSS
Exploits0References4
NVD
NVD
added 2023/06/22 12:15 p.m.21 views

CVE-2023-28776

Unauth. Reflected Cross-Site Scripting XSS vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin = 1.0.15 versions...

7.1CVSS6.2AI score0.00382EPSS
Exploits0References1
CVE
CVE
added 2023/06/22 11:29 a.m.59 views

CVE-2023-28776

CVE-2023-28776: Unauthenticated reflected XSS in WordPress plugin Continuous Image Carousel With Lightbox (

7.1CVSS6AI score0.00382EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/05/16 3:15 a.m.4 views

CVE-2023-2710

The video carousel slider with lightbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the searchterm parameter in versions up to, and including, 1.0.22 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1CVSS7AI score0.00612EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/05/16 3:15 a.m.4 views

CVE-2023-2710

The video carousel slider with lightbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the searchterm parameter in versions up to, and including, 1.0.22 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1CVSS7AI score0.00612EPSS
Exploits0References4
Prion
Prion
added 2023/05/16 3:15 a.m.18 views

Cross site scripting

The video carousel slider with lightbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the searchterm parameter in versions up to, and including, 1.0.22 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

5.8CVSS6AI score0.00612EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/04/07 3:15 p.m.2 views

CVE-2023-28792

Unauth. Reflected Cross-Site Scripting XSS vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin = 1.0.15 versions...

6.1CVSS6.8AI score0.00382EPSS
Exploits0References1
NVD
NVD
added 2023/04/07 3:15 p.m.21 views

CVE-2023-28792

Unauth. Reflected Cross-Site Scripting XSS vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin = 1.0.15 versions...

7.1CVSS6.2AI score0.00382EPSS
Exploits0References1
Rows per page
Query Builder