11 matches found
EUVD-2024-34392
Malicious code in bioql PyPI...
CVE-2025-7685
The Like & Share My Site plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the 'lsmsadmin' page. This makes it possible for unauthenticated attackers to update settings and inject...
CVE-2023-25783
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Alex Moss FireCask Like & Share Button plugin = 1.1.5 versions...
Design/Logic Flaw
The BestWebSoft's Like & Share WordPress plugin before 2.74 discloses the content of password protected posts to unauthenticated users via a meta tag...
CVE-2023-6250 BestWebSoft's Like & Share < 2.74 - Unauthenticated Password Protected Post Read
The BestWebSoft's Like & Share WordPress plugin before 2.74 discloses the content of password protected posts to unauthenticated users via a meta tag...
BestWebSoft's Like & Share < 2.74 - Unauthenticated Password Protected Post Read
Description The plugin discloses the content of password protected posts to unauthenticated users via a meta tag PoC In the web browser, view the source of any password protected post and check the og:description meta tag...
Cross site scripting
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Alex Moss FireCask Like & Share Button plugin = 1.1.5 versions...
CVE-2023-25783
CVE-2023-25783 affects the WordPress plugin FireCask Like & Share Button (Peadig) ≤ 1.1.5. The issue is a Stored Cross-Site Scripting (XSS) that requires authentication with admin+ privileges. The vulnerability is triggered through the plugin and could potentially allow an attacker with admin+ ri...
WordPress plugin FireCask Like & Share Button 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
FireCask Like & Share Button < 1.2 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress FireCask Like & Share Button Plugin <= 1.1.5 is vulnerable to Cross Site Scripting (XSS)
Software FireCask Like & Share Button Type Plugin Vulnerable versions = 1.1.5 Fixed in 1.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25783 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 548935e36490 Credits Rio Darmawan...