70 matches found
WordPress Seriously Simple Podcasting Plugin <= 3.0.2 is vulnerable to Cross Site Scripting (XSS)
Software Seriously Simple Podcasting Type Plugin Vulnerable versions = 3.0.2 Fixed in 3.1.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-25599 Patch priority Medium CVSS severity Medium 7.1 Developer Castos PSID 07063cdb0c71 Credits Rafie Muhammad Patchstack...
CVE-2024-2629
Incorrect security UI in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
WordPress Order Export & Order Import for WooCommerce Plugin <= 2.4.3 is vulnerable to Arbitrary File Upload
Software Order Export & Order Import for WooCommerce Type Plugin Vulnerable versions = 2.4.3 Fixed in 2.4.4 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-22135 Patch priority Medium CVSS severity Medium 8 Developer Claim ownership PSID cc645a98d1b8 Credits Dateoljo ...
WordPress Martins Free & Easy SEO Link buildings Plugin < 1.2.30 is vulnerable to Cross Site Scripting (XSS)
Software Martins Free & Easy SEO Link buildings Type Plugin Vulnerable versions 1.2.30 Fixed in 1.2.30 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5641 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b26e0b25f0b1...
WordPress Awesome Support Plugin < 6.1.5 is vulnerable to Cross Site Scripting (XSS)
Software Awesome Support Type Plugin Vulnerable versions 6.1.5 Fixed in 6.1.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5354 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1e691e07ad6e Credits Alex Sanford Require...
WordPress Happy Elementor Addons Pro Plugin <= 2.8.0 is vulnerable to Cross Site Scripting (XSS)
Software Happy Elementor Addons Pro Type Plugin Vulnerable versions = 2.8.0 Fixed in 2.8.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-41236 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1e3539666fdb Credits Rafie...
WordPress Locked Payment Methods for WooCommerce Plugin <= 1.3.5 is vulnerable to Cross Site Scripting (XSS)
Software Locked Payment Methods for WooCommerce Type Plugin Vulnerable versions = 1.3.5 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d253b10ead5d Credits Rafie...
WordPress Ultimate Carousel For Divi Plugin < 4.5.1 is vulnerable to Cross Site Scripting (XSS)
Software Ultimate Carousel For Divi Type Plugin Vulnerable versions 4.5.1 Fixed in 4.5.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 62b9f7045643 Credits Rafie Muhammad Patchsta...
WordPress WP SMS Plugin for WordPress Plugin < 1.5.1 is vulnerable to Cross Site Scripting (XSS)
Software WP SMS Plugin for WordPress Type Plugin Vulnerable versions 1.5.1 Fixed in 1.5.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c1b7cfc59ff4 Credits Rafie Muhammad...
WordPress All in One Invite Codes Plugin < 1.1.11 is vulnerable to Cross Site Scripting (XSS)
Software All in One Invite Codes Type Plugin Vulnerable versions 1.1.11 Fixed in 1.1.11 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 070ddaecd3e9 Credits Rafie Muhammad Patchstac...
WordPress WooCommerce Role Based Pricing by Meow Crew Plugin < 1.4.1 is vulnerable to Cross Site Scripting (XSS)
Software WooCommerce Role Based Pricing by Meow Crew Type Plugin Vulnerable versions 1.4.1 Fixed in 1.4.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e917a5406972 Credits Rafie...
WordPress Device Wrapper Plugin < 1.1.1 is vulnerable to Cross Site Scripting (XSS)
Software Device Wrapper Type Plugin Vulnerable versions 1.1.1 Fixed in 1.1.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID dffe70065f07 Credits Rafie Muhammad Patchstack Required...
WordPress Verbalize WP Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software Verbalize WP Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 21e3ff2fe6c4 Credits Rafie Muhammad Patchstack Required...
WordPress PopOverXYZ – Show Light Weight Beautiful Tool Tips On Any Text Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)
Software PopOverXYZ – Show Light Weight Beautiful Tool Tips On Any Text Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID...
WordPress Hire Me Widget Plugin < 1.0.5 is vulnerable to Cross Site Scripting (XSS)
Software Hire Me Widget Type Plugin Vulnerable versions 1.0.5 Fixed in 1.0.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 3fd9a7440ccd Credits Rafie Muhammad Patchstack Required...
WordPress Clean Social Icons Plugin <= 0.9.11 is vulnerable to Cross Site Scripting (XSS)
Software Clean Social Icons Type Plugin Vulnerable versions = 0.9.11 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 073edbf35701 Credits Rafie Muhammad Patchstack...
WordPress Product Slider For WooCommerce Lite Plugin <= 1.1.7 is vulnerable to Cross Site Scripting (XSS)
Software Product Slider For WooCommerce Lite Type Plugin Vulnerable versions = 1.1.7 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0537 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 5eb92cf8631c Credits...
Input validation
Insufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass Downloads restrictions via a crafted HTML page. Chromium security severity: Medium...
Zero collection module can be whitelisted and set to a post, which will then revert all collects and mirrors with PublicationDoesNotExist
Lines of code Vulnerability details Impact In case when zero collection module be white listed and then zero collection module set to a post done by different actors, its functionality will be partially broken: every collecting and mirroring of it will be reverted with...
ffmpeg:ffmpeg_BSF_TRACE_HEADERS_fuzzer: Index-out-of-bounds in cbs_jpeg_read_huffman_table
Project: https://git.ffmpeg.org/ffmpeg.git Detailed Report: https://oss-fuzz.com/testcase?key=6291612167831552 Project: ffmpeg Fuzzing Engine: libFuzzer Fuzz Target: ffmpegBSFTRACEHEADERSfuzzer Job Type: libfuzzerubsanffmpeg Platform Id: linux Crash Type: Index-out-of-bounds Crash Address: Crash...