4 matches found
EUVD-2024-27386
Malicious code in bioql PyPI...
CVE-2023-0373
The Lightweight Accordion WordPress plugin before 1.5.15 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-2436
The Lightweight Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.5.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress Lightweight Accordion Plugin < 1.5.15 is vulnerable to Cross Site Scripting (XSS)
Software Lightweight Accordion Type Plugin Vulnerable versions 1.5.15 Fixed in 1.5.15 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0373 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 695900d7d8e2 Credits István Márto...