EUVD-2023-42899

Malicious code in bioql PyPI...

EUVD-2023-59206

Malicious code in bioql PyPI...

CVE-2023-7014

The Author Box, Guest Author and Co-Authors for Your Posts – Molongui plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.7.4 via the 'madebu' parameter. This makes it possible for unauthenticated attackers to extract sensitive data includi...

CVE-2023-50876 WordPress Molongui plugin <= 4.7.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Molongui Molongui allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Molongui: from n/a through 4.7.3...

WordPress plugin Molongui 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

Molongui < 4.7.8 - Authenticated (Author+) Stored Cross-Site Scripting

Description The Molongui plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.7.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrar...

WordPress Plugin Molongui 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

WordPress Molongui Plugin <= 4.7.7 is vulnerable to Insecure Direct Object References (IDOR)

Software Molongui Type Plugin Vulnerable versions = 4.7.7 Fixed in 4.7.8 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-30507 Patch priority Low CVSS severity Low 2.7 Developer Claim ownership PSID c7f745bc9de4 Credits CatFather Required...

CVE-2023-7014

The Author Box, Guest Author and Co-Authors for Your Posts – Molongui plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.7.4 via the 'madebu' parameter. This makes it possible for unauthenticated attackers to extract sensitive data includi...

CVE-2023-7014

The Author Box, Guest Author and Co-Authors for Your Posts – Molongui plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.7.4 via the 'madebu' parameter. This makes it possible for unauthenticated attackers to extract sensitive data includi...

WordPress Molongui Plugin <= 4.7.4 is vulnerable to Sensitive Data Exposure

Software Molongui Type Plugin Vulnerable versions = 4.7.4 Fixed in 4.7.5 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-7014 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 7b1a6ad036e9 Credits Krzysztof Zając Required privileg...

WordPress Molongui Plugin <= 4.7.3 is vulnerable to Broken Access Control

Software Molongui Type Plugin Vulnerable versions = 4.7.3 Fixed in 4.7.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-50876 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID b92c55696b45 Credits Khalid Yusuf Required privilege...

Molongui < 4.6.20 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2023-39164 WordPress Molongui Plugin <= 4.6.19 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Molongui Author Box for Authors, Co-Authors, Multiple Authors and Guest Authors – Molongui plugin = 4.6.19 versions...

WordPress Molongui Plugin <= 4.6.19 is vulnerable to Cross Site Scripting (XSS)

Software Molongui Type Plugin Vulnerable versions = 4.6.19 Fixed in 4.6.20 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-39164 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f13cec368476 Credits LEE SE HYOUNG...