6225 matches found
GHSA-WRJC-FMFQ-W3JR baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts and Contents list Feature
XSS vulnerability in the Blog posts and Contents list feature of baserCMS. Target: baserCMS 5.1.1 and earlier versions. Vulnerability: Malicious code may be executed in the Blog posts and Contents list feature. Countermeasures: Update to the latest version of baserCMS. Please refer to the following page to...
WordPress Kodex Posts likes plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by theviper17 (Patchstack Alliance) in WordPress Plugin Kodex Posts likes versions <= 2.5.0...
CVE-2024-10050
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 1.6.43 via the hfetemplate shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to view the contents of Draft...
WordPress Kodex Posts likes Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS)
Software: Kodex Posts likes; Type: Plugin; Vulnerable versions: <= 2.5.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-50464; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 4d40ba7a06f0; Credits: theviper17; Required privilege...
PT-2024-32328 · Basercms · Basercms
Name of the Vulnerable Software and Affected Versions: baserCMS versions prior to 5.1.2. Description: The issue is a cross-site scripting vulnerability in the Blog posts feature of baserCMS, a website development framework. This vulnerability allows malicious code to be executed in the Blog posts...
PT-2024-15998 · Elementor · Elementor Header & Footer Builder
Name of the Vulnerable Software and Affected Versions: Elementor Header & Footer Builder plugin for WordPress versions up to, and including, 1.6.43. Description: The issue allows authenticated attackers with Contributor-level access and above to view the contents of Draft, Private, and...
CVE-2024-7587

creationtimestamp | type | source
---|---|---
2024-10-22 12:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-24-296-01
2024-10-23 02:20:16+00:00 | seen | https://t.me/cvedetector/8670
2024-10-31 18:39:00+00:00 | seen | https://t.me/icscert/939
2025-03-11 11:30:05+00:00 | seen | ...

CVE-2024-35286

creationtimestamp | type | source
---|---|---
2024-10-22 00:24:20+00:00 | seen | https://t.me/cvedetector/8577
2024-12-05 14:44:20+00:00 | published-proof-of-concept | https://t.me/thebugbountyhunter/9404
2024-12-05 16:34:02+00:00 | seen | ...

CVE-2024-49628
Cross-Site Request Forgery (CSRF) vulnerability in WhileTrue Most And Least Read Posts Widget allows Cross Site Request Forgery. This issue affects Most And Least Read Posts Widget: from n/a through 2.5.18...
CVE-2024-49628
Cross-Site Request Forgery (CSRF) vulnerability in whiletrue Most And Least Read Posts Widget (most-and-least-read-posts-widget) allows Cross Site Request Forgery. This issue affects Most And Least Read Posts Widget: from n/a through <= 2.5.18...
CVE-2024-49629
Cross-Site Request Forgery (CSRF) vulnerability in Fahad Mahmood Endless Posts Navigation allows Stored XSS. This issue affects Endless Posts Navigation: from n/a through 2.2.7...
CVE-2024-49629
Cross-Site Request Forgery (CSRF) vulnerability in Fahad Mahmood Endless Posts Navigation (endless-posts-navigation) allows Stored XSS. This issue affects Endless Posts Navigation: from n/a through <= 2.2.7...
CVE-2024-49628 WordPress Most And Least Read Posts Widget plugin <= 2.5.18 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in WhileTrue Most And Least Read Posts Widget allows Cross Site Request Forgery. This issue affects Most And Least Read Posts Widget: from n/a through 2.5.18...
CVE-2024-49628
CVE-2024-49628 is a CSRF vulnerability in the WordPress plugin Most And Least Read Posts Widget (WhileTrue) affecting versions 2.5.18 and earlier. Unauthenticated attackers could exploit CSRF to perform unintended actions. The issue is fixed in version 2.5.19; update the plugin to 2.5.19 or later...
CVE-2024-49629 WordPress Endless Posts Navigation plugin <= 2.2.7 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Fahad Mahmood Endless Posts Navigation (endless-posts-navigation) allows Stored XSS. This issue affects Endless Posts Navigation: from n/a through <= 2.2.7...
CVE-2024-49629 WordPress Endless Posts Navigation plugin <= 2.2.7 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Fahad Mahmood Endless Posts Navigation allows Stored XSS. This issue affects Endless Posts Navigation: from n/a through 2.2.7...
CVE-2024-49629
CVE-2024-49629 concerns the WordPress plugin Endless Posts Navigation (versions
WordPress plugin Most And Least Read Posts Widget cross-site request forgery vulnerability
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in WordPress plugin Most And Least...
PT-2024-33584 · WordPress · Endless Posts Navigation
Name of the Vulnerable Software and Affected Versions: Endless Posts Navigation versions n/a through 2.2.7. Description: A Cross-Site Request Forgery (CSRF) issue in Endless Posts Navigation allows Stored XSS. This means an attacker can perform actions on behalf of a user without their knowledge,...