Lucene search
K

83 matches found

Patchstack
Patchstack
added 2024/04/15 12:0 a.m.14 views

WordPress WP Cost Estimation & Payment Forms Builder Plugin <= 10.1.75 is vulnerable to Cross Site Scripting (XSS)

Software WP Cost Estimation & Payment Forms Builder Type Plugin Vulnerable versions = 10.1.75 Fixed in 10.1.76 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32510 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 052582e81e99 Credits...

7.1CVSS6.5AI score0.00354EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/04/15 12:0 a.m.13 views

WordPress WP Cost Estimation & Payment Forms Builder Plugin <= 10.1.76 is vulnerable to Broken Access Control

Software WP Cost Estimation & Payment Forms Builder Type Plugin Vulnerable versions = 10.1.76 Fixed in 10.1.77 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32509 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 4f90762b9976...

6.5CVSS6.5AI score0.00437EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/04/12 12:0 a.m.31 views

WordPress Payment Forms for Paystack Plugin <= 4.0.0 is vulnerable to Cross Site Scripting (XSS)

Software Payment Forms for Paystack Type Plugin Vulnerable versions = 4.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32130 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID bdaaf2a9d240 Credits Ngô Thiên An ancorn from...

6.5CVSS6.6AI score0.00291EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/03/31 7:15 p.m.9 views

CVE-2024-30489

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in loopus WP Cost Estimation & Payment Forms Builder.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.75...

8.5CVSS8.9AI score0.00488EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/03/31 6:18 p.m.20 views

CVE-2024-30489 WordPress WP Cost Estimation & Payment Forms Builder plugin <= 10.1.75 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in loopus WP Cost Estimation & Payment Forms Builder.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.75...

8.5CVSS9AI score0.00488EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/03/31 6:18 p.m.18 views

CVE-2024-30489 WordPress WP Cost Estimation & Payment Forms Builder plugin <= 10.1.75 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in loopus WP Cost Estimation & Payment Forms Builder.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.75...

8.5CVSS7.6AI score0.00488EPSS
Exploits0References1
CVE
CVE
added 2024/03/31 6:18 p.m.55 views

CVE-2024-30489

CVE-2024-30489 affects WP Cost Estimation & Payment Forms Builder for WordPress. Root cause: improper neutralization of SQL elements in a query, enabling SQL injection. Affected versions are up to 10.1.75 (n/a–10.1.75). CVSS v3.1 base score 8.5 (HIGH) with Attack Vector: Network, Attack Complexit...

8.5CVSS8.9AI score0.00488EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/03/31 12:0 a.m.4 views

WordPress Plugin WP Cost Estimation & Payment Forms Builder SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin WP Cost Estimation &...

8.5CVSS8.8AI score0.00488EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/03/31 12:0 a.m.4 views

PT-2024-23415 · WordPress · Loopus Wp Cost Estimation & Payment Forms Builder

Name of the Vulnerable Software and Affected Versions: WP Cost Estimation & Payment Forms Builder versions through 10.1.75 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential...

8.5CVSS9.7AI score0.00488EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/03/28 12:0 a.m.13 views

WordPress WP Cost Estimation & Payment Forms Builder Plugin <= 10.1.75 is vulnerable to SQL Injection

Software WP Cost Estimation & Payment Forms Builder Type Plugin Vulnerable versions = 10.1.75 Fixed in 10.1.76 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-30489 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID b42e5deb44b6 Credits Rafie Muhammad...

8.5CVSS6.8AI score0.00488EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/03/13 4:15 p.m.23 views

CVE-2024-25099

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in David de Boer Paytium: Mollie payment forms & donations allows Stored XSS.This issue affects Paytium: Mollie payment forms & donations: from n/a through 4.4.2...

6.5CVSS6.4AI score0.00419EPSS
Exploits0References1
Prion
Prion
added 2024/03/13 4:15 p.m.18 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in David de Boer Paytium: Mollie payment forms & donations allows Stored XSS.This issue affects Paytium: Mollie payment forms & donations: from n/a through 4.4.2...

6CVSS6.9AI score0.00419EPSS
Exploits0References1
CVE
CVE
added 2024/03/13 4:2 p.m.64 views

CVE-2024-25099

CVE-2024-25099 concerns the Paytium plugin for WordPress (Paytium: Mollie payment forms & donations). The issue is a stored XSS caused by improper input neutralization during web page generation, affecting Paytium versions up to 4.4.2. A fix exists in version 4.4.3. Public details confirm the vul...

6.5CVSS7.1AI score0.00419EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/02/08 4:15 a.m.34 views

CVE-2023-5665

The Payment Forms for Paystack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.7AI score0.00525EPSS
Exploits0References10
Prion
Prion
added 2024/02/08 4:15 a.m.26 views

Cross site scripting

The Payment Forms for Paystack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

4.9CVSS6AI score0.00525EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2024/02/08 3:33 a.m.37 views

CVE-2023-5665 Payment Forms for Paystack <= 3.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Payment Forms for Paystack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.3AI score0.00525EPSS
Exploits0References10
Patchstack
Patchstack
added 2024/02/08 12:0 a.m.10 views

WordPress Payment Forms for Paystack Plugin <= 3.4.1 is vulnerable to Cross Site Scripting (XSS)

Software Payment Forms for Paystack Type Plugin Vulnerable versions = 3.4.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5665 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3391483ec0bd Credits István Márton...

6.4CVSS5.8AI score0.00525EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/02/08 12:0 a.m.9 views

WordPress plugin Payment Forms for Paystack Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.4CVSS5.9AI score0.00525EPSS
Exploits0References9
Malwarebytes
Malwarebytes
added 2023/04/27 8:30 a.m.20 views

Magecart threat actor rolls out convincing modal forms

To ensnare new victims, criminals will often devise schemes that attempt to look as realistic as possible. Having said that, it is not every day that we see the fraudulent copy exceed the original piece. While following up on an ongoing Magecart credit card skimmer campaign, we were almost fooled...

6.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/02/21 9:30 a.m.29 views

Multilingual skimmer fingerprints 'secret shoppers' via Cloudflare endpoint API

One important aspect of data theft in criminal markets revolves around the authenticity of the data that is being resold. There are different services that exist to vet such things as credit card numbers so that buyers can purchase with confidence. Criminals are also very aware that anyone and in...

0.1AI score
Exploits0
Rows per page
Query Builder