8 matches found
itour.ru Cross Site Scripting vulnerability OBB-3931380
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
double24.ru Cross Site Scripting vulnerability OBB-3931347
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Simple Ajax Chat < 20240412 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup This was partially fixed in 0240216 bu...
Gutenberg Blocks by Kadence Blocks < 3.2.37 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its block attributes before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC Add a Lottie Animation block to a po...
The Events Calendar < 6.4.0.1 - Reflected XSS
Description The plugin does not properly sanitize user-submitted content when rendering some views via AJAX. PoC...
BuddyBoss Platform < 2.6.0 - Insecure Direct Object Reference on Like Comment
Description The plugin contains an IDOR vulnerability that allows a user to like a private post by manipulating the ID included in the request POST /wp-admin/admin-ajax.php HTTP/2 Host: buddyboss.example.com Cookie: REDACTED User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:120.0...
Gutenberg Blocks by Kadence Blocks < 3.2.37 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its block attributes before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Add a Lottie Animation block to a post a...
The Events Calendar < 6.4.0.1 - Reflected XSS
Description The plugin does not properly sanitize user-submitted content when rendering some views via AJAX. The Events Calendar "...