18 matches found
CVE-2017-18583
The post-pay-counter plugin before 2.731 for WordPress has PHP Object Injection...
EUVD-2023-51772
Malicious code in bioql PyPI...
CVE-2023-47673
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Stefano Ottolenghi Post Pay Counter plugin <= 2.784 versions...
CVE-2023-47673
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Stefano Ottolenghi Post Pay Counter plugin <= 2.784 versions...
Cross site scripting
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Stefano Ottolenghi Post Pay Counter plugin <= 2.784 versions...
WordPress Plugin Post Pay Counter Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...
CVE-2023-47673
CVE-2023-47673 affects the WordPress plugin Post Pay Counter (Stefano Ottolenghi). An unauthenticated Reflected XSS exists in versions
CVE-2023-47673 WordPress Post Pay Counter Plugin <= 2.784 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Stefano Ottolenghi Post Pay Counter plugin <= 2.784 versions...
PT-2023-30559 · WordPress · Stefano Ottolenghi Post Pay Counter
Name of the Vulnerable Software and Affected Versions: Stefano Ottolenghi Post Pay Counter plugin versions 2.784 through 2.789 Description: The issue is an Unauth. Reflected Cross-Site Scripting XSS vulnerability. No information is provided about the estimated number of potentially affected devic...
WordPress Post Pay Counter Plugin <= 2.784 is vulnerable to Cross Site Scripting (XSS)
Software: Post Pay Counter; Type: Plugin; Vulnerable versions: <= 2.784; Fixed in: 2.790; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-47673; Patch priority: High; CVSS severity: High (7.1); PSID: 491f26eaa1d8; Credits: LEE SE HYOUNG...
WordPress post-pay-counter plugin injection vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up a personal blog site on PHP and MySQL servers. post-pay-counter is a plugin for billing and managing paid online content. An injection vulnerability exists i...
WordPress post-pay-counter plugin permission license and access control issue vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up a personal blog site on PHP and MySQL servers. post-pay-counter is a plugin for billing and managing paid online content. WordPress post-pay-counter plugin h...
CVE-2017-18584
The post-pay-counter plugin before 2.731 for WordPress has no permissions check for an update-settinga action...
CVE-2017-18583
The post-pay-counter plugin before 2.731 for WordPress has PHP Object Injection...
Design/Logic Flaw
The post-pay-counter plugin before 2.731 for WordPress has no permissions check for an update-settinga action...
CVE-2017-18584
CVE-2017-18584 : The WordPress plugin “post-pay-counter” prior to version 2.731 exposes an update-settinga action without a permissions check, enabling unauthorized usage. Root cause: missing access control in the plugin’s update-settinga workflow. Impact: as described in multiple sources, this c...
CVE-2017-18583
CVE-2017-18583 affects the WordPress plugin post-pay-counter (before 2.731) with a PHP Object Injection flaw. The advisory sources identify this as a high/critical issue: CVSS v2 base score 7.5 (HIGH) and CVSS v3.0 base score 9.8 (CRITICAL) with network attack vector, no user interaction, and imp...
WordPress Post Pay Counter plugin <= 2.730 - Authenticated PHP Object Injection Vulnerability
An authenticated PHP Object Injection vulnerability was found in version 2.730 of the WordPress Post Pay Counter plugin. The plugin should have verified that the user is permitted to import settings by checking whether their user role is one allowed to access the page. Solution...