51 matches found
EUVD-2023-59136
Malicious code in bioql PyPI...
EUVD-2024-29276
Malicious code in bioql PyPI...
EUVD-2022-49622
Malicious code in bioql PyPI...
EUVD-2024-47736
Malicious code in bioql PyPI...
EUVD-2024-44264
Malicious code in bioql PyPI...
CVE-2024-6688
The Oxygen Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the oxy_save_css_from_admin AJAX action in all versions up to, and including, 4.8.3. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2023-6938
The Oxygen Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom field in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above...
CVE-2022-46841
Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Oxygen Builder plugin <= 4.4 versions...
CVE-2024-31380
Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection. Vendor is ignoring report, refuses to patch the issue. This issue affects Oxygen Builder: from n/a through 4.9...
CVE-2024-4662
The Oxygen Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.8.2 via post metadata. This is due to the plugin storing custom data in post metadata without an underscore prefix. This makes it possible for lower privileged users, such as...
CVE-2024-6688 Oxygen Builder <= 4.8.3 - Missing Authorization to Authenticated (Subscriber+) Stylesheet Update
The Oxygen Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the oxy_save_css_from_admin AJAX action in all versions up to, and including, 4.8.3. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2024-6688
CVE-2024-6688 (Oxygen Builder, WordPress): The Oxygen Builder plugin is vulnerable to unauthorized modification of data due to a missing capability check on the oxy_save_css_from_admin AJAX action in all versions up to 4.8.3. This allows authenticated attackers with Subscriber-level access and a...
WordPress Oxygen Builder plugin <= 4.8.3 - Missing Authorization to Authenticated (Subscriber+) Stylesheet Update vulnerability
Missing Authorization to Authenticated (Subscriber+) Stylesheet Update vulnerability discovered by Francesco Carlucci in WordPress Plugin Oxygen Builder versions <= 4.8.3...
WordPress Oxygen Builder Plugin <= 4.8.3 is vulnerable to Broken Access Control
Software: Oxygen Builder; Type: Plugin; Vulnerable versions: <= 4.8.3; Fixed in: 4.9; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-6688; Patch priority: Low; CVSS severity: Low (4.3); PSID: 05a98a111db4; Credits: Francesco Carlucci; Required...
WordPress plugin Oxygen Builder security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PT-2024-37800 · WordPress · Oxygen Builder
Name of the Vulnerable Software and Affected Versions: Oxygen Builder plugin for WordPress versions up to, and including, 4.8.3. Description: The issue is related to a missing capability check on the oxy_save_css_from_admin AJAX action. This makes it possible for authenticated attackers, with...
CVE-2024-4662
CVE-2024-4662 (Oxygen Builder for WordPress): Affects all versions up to 4.8.2. Root cause is storing data in post metadata without an underscore prefix, allowing lower-privilege users (e.g., contributors) to inject arbitrary PHP code via the WordPress UI and gain elevated privileges, resulting ...