6226 matches found
WordPress Display Medium Posts plugin <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via display_medium_posts Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via display_medium_posts Shortcode vulnerability discovered by theviper17y in WordPress Plugin Display Medium Posts versions <= 5.0.1...
WordPress Display Medium Posts Plugin <= 5.0.1 is vulnerable to Cross Site Scripting (XSS)
Software: Display Medium Posts · Type: Plugin · Vulnerable versions: <= 5.0.1 · Fixed in: N/A · OWASP Top 10: A7: Cross-Site Scripting (XSS) · Classification: Cross Site Scripting (XSS) · CVE: CVE-2024-9445 · Patch priority: Low · CVSS severity: Low (6.5) · Developer: Claim ownership · PSID: 06e0b332337b · Credits: theviper17y · Required...
PT-2024-39638 · WordPress · Display Medium Posts
Name of the Vulnerable Software and Affected Versions: Display Medium Posts plugin for WordPress versions up to, and including, 5.0.1. Description: The Display Medium Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's display_medium_posts shortcode due to...
CVE-2024-8771
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'previewemailtemplatedesign' function in all versions up to, and including,...
Mattermost Security Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an authorization issue vulnerability that stems from a failure to properly authorize a request when the ability to view archived channels is disabled, which could be exploited b...
PT-2024-32335 · Mattermost +1 · Mattermost +1
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.11.x through 9.11.0; Mattermost versions 9.5.x through 9.5.8. Description: The issue arises from the failure to validate that the message of a permalink post is a string, allowing an attacker to send a non-string value as...
CVE-2024-8516
The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.1 via the render function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract limited post information from...
CVE-2024-8713
The Kodex Posts likes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...
CVE-2024-8476
The Easy PayPal Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the wpeeventpluginbuttons function. This makes it possible for unauthenticated attackers to delete arbitrary...
CVE-2024-8476
CVE-2024-8476 affects the Easy PayPal Events plugin for WordPress (versions
CVE-2024-8713 Kodex Posts likes <= 2.5.0 - Reflected Cross-Site Scripting
The Kodex Posts likes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...
CVE-2024-8713
CVE-2024-8713 affects Kodex Posts likes for WordPress (all versions up to and including 2.5.0). It is a Reflected Cross-Site Scripting vulnerability caused by using add_query_arg without proper escaping, enabling unauthenticated attackers to inject scripts if a user is tricked into performing an ...
PT-2024-39193 · WordPress · Kodex Posts Likes Plugin
Name of the Vulnerable Software and Affected Versions: Kodex Posts likes plugin for WordPress versions up to, and including, 2.5.0. Description: The issue arises from the use of add_query_arg without proper escaping on the URL, allowing unauthenticated attackers to inject arbitrary web scripts int...
WordPress Kodex Posts likes plugin <= 2.5.0 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Kodex Posts likes versions <= 2.5.0...
WordPress Kodex Posts likes Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS)
Software: Kodex Posts likes · Type: Plugin · Vulnerable versions: <= 2.5.0 · Fixed in: N/A · OWASP Top 10: A7: Cross-Site Scripting (XSS) · Classification: Cross Site Scripting (XSS) · CVE: CVE-2024-8713 · Patch priority: Medium · CVSS severity: Medium (7.1) · Developer: Claim ownership · PSID: 83c067bae0c0 · Credits: vgo0 · Required...
PT-2024-39068 · WordPress · Themesflat Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Themesflat Addons For Elementor plugin for WordPress versions up to, and including, 2.2.1 Description: The issue allows authenticated attackers with Contributor-level access and above to extract limited post information from draft and future...
WordPress Kodex Posts likes plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin Kodex Posts likes versions <= 2.5.0...
WordPress Kodex Posts likes Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS)
Software: Kodex Posts likes · Type: Plugin · Vulnerable versions: <= 2.5.0 · Fixed in: N/A · OWASP Top 10: A3: Injection · Classification: Cross Site Scripting (XSS) · CVE: CVE-2024-44036 · Patch priority: Low · CVSS severity: Low (5.9) · Developer: Claim ownership · PSID: a36dce24013f · Credits: SOPROBRO · Required privilege...