Lucene search
K

16 matches found

Cvelist
Cvelist
added 2026/06/24 5:33 a.m.31 views

CVE-2026-9183 24liveblog <= 2.2 - Authenticated (Contributor+) Exposure of Sensitive Information via Block Editor Script Localization

The 24liveblog - live blog tool plugin for WordPress is vulnerable to Exposure of Sensitive Information in versions up to, and including, 2.2. This is due to the lb24blockenqueuescripts function being hooked to enqueueblockeditorassets and, for any non-administrator user, falling back to loading...

4.3CVSS0.0021EPSS
Exploits0References3
CVE
CVE
added 2026/06/24 5:33 a.m.8 views

CVE-2026-9183

The CVE concerns the WordPress plugin 24liveblog (versions up to and including 2.2). The root cause is lb24_block_enqueue_scripts() hooked to enqueue_block_editor_assets, which for non-administrator users loads site-wide integration secrets (lb24_token, lb24_refresh_token, lb24_uid, lb24_uname) f...

4.3CVSS5.8AI score0.0021EPSS
Exploits0References3
CVE
CVE
added 2026/06/24 5:33 a.m.8 views

CVE-2026-9184

The CVE covers the WordPress plugin 24liveblog (versions up to 2.2). A missing capability check on the AJAX handler update_lb24_token() allows authenticated attackers with author-level access and above to overwrite lb24_token, lb24_uid, lb24_refresh_token, lb24_uname, and related site options, ef...

4.3CVSS5.9AI score0.00215EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/06/23 4:39 p.m.5 views

WordPress 24liveblog – live blog tool plugin <= 2.2 - Missing Authorization to Authenticated (Author+) Settings Modification vulnerability

Missing Authorization to Authenticated Author+ Settings Modification vulnerability discovered by g0wthr in WordPress Plugin 24liveblog – live blog tool versions = 2.2...

4.3CVSS5.8AI score0.00215EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2014-9219

Malware in sbrugna...

6.8CVSS6.4AI score0.01001EPSS
Exploits2References3
CNNVD
CNNVD
added 2024/11/23 12:0 a.m.4 views

WordPress plugin Easy Liveblogs 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS7.6AI score0.00693EPSS
Exploits0References2
Schneier on Security
Schneier on Security
added 2019/06/11 11:17 a.m.52 views

Workshop on the Economics of Information Security

Last week, I hosted the eighteenth Workshop on the Economics of Information Security at Harvard. Ross Anderson liveblogged the talks...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/30 7:13 p.m.87 views

Details from the 2017 Workshop on Economics and Information Security

The 16th Workshop on Economics and Information Security was this week. Ross Anderson liveblogged the talks...

7AI score
Exploits0
CNVD
CNVD
added 2015/01/08 12:0 a.m.4 views

WordPress Plugin Twitter LiveBlog Cross-Site Request Forgery Vulnerability

WordPress is a blogging platform developed using the PHP language that allows users to set up their own weblogs on servers that support PHP and MySQL databases.Twitter LiveBlog plugin is a plugin for dynamic posting of articles or tweets. The WordPress plugin Twitter LiveBlog cross-site request...

6.8CVSS6.7AI score0.01001EPSS
Exploits2References1
NVD
NVD
added 2014/12/31 9:59 p.m.21 views

CVE-2014-9398

Cross-site request forgery CSRF vulnerability in the Twitter LiveBlog plugin 1.1.2 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the mashtlbtwitterusername parameter in the...

6.8CVSS6.4AI score0.01001EPSS
Exploits2References1
Prion
Prion
added 2014/12/31 9:59 p.m.15 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the Twitter LiveBlog plugin 1.1.2 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the mashtlbtwitterusername parameter in the...

6.8CVSS6.8AI score0.01001EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2014/12/31 9:0 p.m.23 views

CVE-2014-9398

Cross-site request forgery CSRF vulnerability in the Twitter LiveBlog plugin 1.1.2 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the mashtlbtwitterusername parameter in the...

6.4AI score0.01001EPSS
Exploits2References1
CVE
CVE
added 2014/12/31 9:0 p.m.36 views

CVE-2014-9398

The CVE-2014-9398 entry concerns the WordPress Twitter LiveBlog plugin (versions 1.1.2 and earlier). The vulnerability is a CSRF flaw that allows an attacker to hijack an administrator’s authenticated session to perform actions that may enable XSS via the mashtlb_twitter_username parameter in twi...

6.8CVSS6.6AI score0.01001EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/12/18 12:0 a.m.19 views

Twitter Liveblog <= 1.1.2 - Multiple CSRF

Plugin is still affected and has been closed...

6.8CVSS2AI score0.01001EPSS
Exploits2References1Affected Software1
Packet Storm
Packet Storm
added 2014/12/18 12:0 a.m.43 views

WordPress Twitter LiveBlog 1.1.2 CSRF / XSS

Title: CSRF / Stored XSS Vulnerability in Twitter LiveBlog Wordpress Plugin Author: Manideep K CVE-ID: CVE-2014-9398 Plugin Homepage: https://wordpress.org/plugins/twitter-liveblog/ Version Affected: 1.1.2 probably lower versions Severity: High Description: Vulnerable Parameter:...

6.8CVSS0.01001EPSS
Exploits2
Patchstack
Patchstack
added 2014/12/17 12:0 a.m.19 views

WordPress Twitter LiveBlog Plugin <= 1.1.2 - CSRF and XSS

Because of these cross site request forgery vulnerabilities, the attackers can hijack the authentication of administrators for requests. In that way they can change plugin settings via unspecified vectors or conduct cross-site scripting attacks. Solution Update the plugin...

6.8CVSS3.6AI score0.01001EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder