36 matches found
CVE-2023-4290
The WP Matterport Shortcode WordPress plugin before 2.1.7 does not escape the PHPSELF server variable when outputting it in attributes, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin...
EUVD-2023-54160
Malicious code in bioql PyPI...
EUVD-2024-29931
Malicious code in bioql PyPI...
CVE-2024-32109
Cross-Site Request Forgery CSRF vulnerability in Julien Berthelot / MPEmbed.Com WP Matterport Shortcode allows Cross Site Request Forgery.This issue affects WP Matterport Shortcode: from n/a through 2.1.9...
CVE-2024-32109
Cross-Site Request Forgery CSRF vulnerability in Julien Berthelot / MPEmbed.Com WP Matterport Shortcode allows Cross Site Request Forgery.This issue affects WP Matterport Shortcode: from n/a through 2.1.9...
CVE-2024-32109
CVE-2024-32109 is a Cross-Site Request Forgery (CSRF) vulnerability in the WP Matterport Shortcode. Affected: Matterport Shortcode versions up to 2.1.9 (n/a through 2.1.9). CVSS 3.1 base score 4.3 (Medium). No patch/remediation details are provided in the supplied documents; exploitation status i...
CVE-2024-32109 WordPress WP Matterport Shortcode plugin <= 2.1.9 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Julien Berthelot / MPEmbed.Com WP Matterport Shortcode allows Cross Site Request Forgery.This issue affects WP Matterport Shortcode: from n/a through 2.1.9...
CVE-2024-32109 WordPress WP Matterport Shortcode plugin <= 2.1.9 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Julien Berthelot / MPEmbed.Com WP Matterport Shortcode allows Cross Site Request Forgery.This issue affects WP Matterport Shortcode: from n/a through 2.1.9...
WordPress WP Matterport Shortcode plugin <= 2.1.9 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin WP Matterport Shortcode versions = 2.1.9...
WordPress Plugin WP Matterport Shortcode 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin WP...
WordPress WP Matterport Shortcode Plugin <= 2.1.9 is vulnerable to Cross Site Request Forgery (CSRF)
Software WP Matterport Shortcode Type Plugin Vulnerable versions = 2.1.9 Fixed in 2.2.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-32109 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f8f5cab9e3ca Credits Nguyen Xuan...
PT-2024-24415 · WordPress · Wp Matterport Shortcode
Name of the Vulnerable Software and Affected Versions: WP Matterport Shortcode versions 2.1.9 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the WP Matterport Shortcode, allowing unauthorized requests. This can lead to various security issues, as an attacker could...
WordPress WP Matterport Shortcode Plugin < 2.1.7 is vulnerable to Cross Site Scripting (XSS)
Software WP Matterport Shortcode Type Plugin Vulnerable versions 2.1.7 Fixed in 2.1.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4290 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7f614e386ab6 Credits Erwan LR...
WordPress WP Matterport Shortcode Plugin < 2.1.8 is vulnerable to Cross Site Scripting (XSS)
Software WP Matterport Shortcode Type Plugin Vulnerable versions 2.1.8 Fixed in 2.1.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4289 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8eed9163947b Credits Dmitrii Ignatyev...
CVE-2023-4289
The WP Matterport Shortcode WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attac...
CVE-2023-4290
The WP Matterport Shortcode WordPress plugin before 2.1.7 does not escape the PHPSELF server variable when outputting it in attributes, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin...
CVE-2023-4290
The WP Matterport Shortcode WordPress plugin before 2.1.7 does not escape the PHPSELF server variable when outputting it in attributes, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin...
CVE-2023-4289
The WP Matterport Shortcode WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attac...
Cross site scripting
The WP Matterport Shortcode WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attac...
CVE-2023-4289 WP Matterport Shortcode < 2.1.8 - Contributor+ Stored XSS via shortcode
The WP Matterport Shortcode WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attac...