EUVD-2024-36760

Malicious code in bioql PyPI...

EUVD-2024-40218

Malicious code in bioql PyPI...

Malicious code in plugin-notes (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 60b12a33550c554800cf8d4781b1ce03c53057caf7e39b5332d180b234b6ea24 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-37561

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Jamie Bergen Plugin Notes Plus allows Stored XSS.This issue affects Plugin Notes Plus: from n/a through 1.2.6...

CVE-2024-43326

Missing Authorization vulnerability in Jamie Bergen Plugin Notes Plus allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Plugin Notes Plus: from n/a through 1.2.7...

CVE-2024-43326 WordPress Plugin Notes Plus plugin <= 1.2.7 - Arbitrary Content Deletion vulnerability

Missing Authorization vulnerability in Jamie Bergen Plugin Notes Plus allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Plugin Notes Plus: from n/a through 1.2.7...

CVE-2024-43326 WordPress Plugin Notes Plus plugin <= 1.2.7 - Arbitrary Content Deletion vulnerability

Missing Authorization vulnerability in Jamie Bergen Plugin Notes Plus allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Plugin Notes Plus: from n/a through 1.2.7...

CVE-2024-43326

CVE-2024-43326 affects Plugin Notes Plus for WordPress (Jamie Bergen). It is a Missing Authorization vulnerability that allows accessing functionality not properly constrained by ACLs, enabling (at least) arbitrary note deletion in Notes Plus

PT-2024-30493 · Unknown · Plugin Notes Plus

Name of the Vulnerable Software and Affected Versions: Plugin Notes Plus versions 1.2.7 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For Plugin Notes Plus versions...

WordPress Plugin Notes Plus Plugin <= 1.2.7 is vulnerable to Arbitrary Content Deletion

Software Plugin Notes Plus Type Plugin Vulnerable versions = 1.2.7 Fixed in 1.2.8 OWASP Top 10 A1: Broken Access Control Classification Arbitrary Content Deletion CVE CVE-2024-43326 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 048345824ef6 Credits Trương Hữu Phúc...

CVE-2024-37561

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Jamie Bergen Plugin Notes Plus allows Stored XSS.This issue affects Plugin Notes Plus: from n/a through 1.2.6...

CVE-2024-37561

CVE-2024-37561 is a Stored XSS in WordPress Plugin Notes Plus (Jamie Bergen). Affected: Plugin Notes Plus from n/a through 1.2.6. Root cause: Improper Neutralization of Input During Web Page Generation. CVSS 3.1 metrics: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L with base score 5.9. Public references p...

WordPress Plugin Notes Plus Plugin <= 1.2.6 is vulnerable to Cross Site Scripting (XSS)

Software Plugin Notes Plus Type Plugin Vulnerable versions = 1.2.6 Fixed in 1.2.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37561 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 1f66e01a6482 Credits justakazh Required privilege...