292 matches found
CVE-2024-38558
CVE-2024-38558 concerns the Linux kernel's net/openvswitch handling of ICMPv6 in the OVS_PACKET_CMD_EXECUTE path. The root cause is a misuse of a shared IPv6 field between Neighbor Discovery (ND) state and conntrack original tuple (ct_orig) during packet-key parsing. When parsing ICMPv6, the code...
CVE-2024-5220
The ND Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's upload feature in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access an...
CVE-2024-5220
The ND Shortcodes plugin for WordPress (up to version 7.5) is affected by a Stored XSS via the plugin’s upload feature. Exploitation requires authenticated access at Author level or higher, allowing script injection into pages that execute for users visiting injected pages. Patch status for CVE-2...
PT-2024-35132 · WordPress · Nd Shortcodes
Name of the Vulnerable Software and Affected Versions: ND Shortcodes plugin for WordPress versions up to, and including, 7.5 Description: The issue is related to Stored Cross-Site Scripting via the plugin's upload feature due to insufficient input sanitization and output escaping. This allows...
WordPress plugin ND Shortcodes 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
ND Shortcodes < 7.6 - Authenticated (Author+) Stored Cross-Site Scripting
Description The ND Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's upload feature in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-lev...
openvswitch: openvswitch don't match packets on nd_target field
A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to...
PT-2024-17994 · WordPress · Restaurant Reservations
Name of the Vulnerable Software and Affected Versions: Restaurant Reservations plugin for WordPress versions up to, and including, 1.9 Description: The issue allows authenticated attackers with contributor-level access and above to include and execute arbitrary PHP files on the server via the nd...
The vulnerability of the ND Shortcodes plugin of the WordPress content management system allows attackers to execute LFI attacks.
The vulnerability of the ND Shortcodes plugin of the WordPress content management system is related to an incorrect limitation on the path to the restricted access catalog. Exploiting this vulnerability could allow a malicious actor to execute LFI attacks remotely...
nd-skoda-volkswagen.cz Cross Site Scripting vulnerability OBB-3692030
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
nd-skoda-volkswagen.cz Cross Site Scripting vulnerability OBB-3548102
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
nd-skoda-volkswagen.cz Cross Site Scripting vulnerability OBB-3482327
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-1273
The ND Shortcodes WordPress plugin before 7.0 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI attacks...
CVE-2022-4623
The ND Shortcodes WordPress plugin before 7.0 does not validate and escape numerous of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-1273
The ND Shortcodes WordPress plugin before 7.0 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI attacks...
Cross site scripting
The ND Shortcodes WordPress plugin before 7.0 does not validate and escape numerous of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-1273 ND Shortcodes < 7.0 - Subscriber+ LFI
The ND Shortcodes WordPress plugin before 7.0 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI attacks...
CVE-2023-1273
CVE-2023-1273 affects the WordPress plugin ND Shortcodes (before 7.0). The issue is that some shortcode attributes used to generate include paths are not validated, allowing an authenticated user (e.g., a subscriber) to perform a Local File Inclusion (LFI) attack by manipulating the path. Public ...
CVE-2022-4623
The CVE-2022-4623 entry concerns the ND Shortcodes WordPress plugin prior to version 7.0. It states that the plugin does not validate and escape numerous shortcode attributes before output, allowing users with the contributor role and above to perform Stored Cross-Site Scripting when the shortcod...
WordPress plugin ND Shortcodes 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...