18 matches found
EUVD-2014-4775
Malware in sbrugna...
EUVD-2023-27790
Malicious code in bioql PyPI...
CVE-2023-23702
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Pixelgrade Comments Ratings plugin = 1.1.7 versions...
CVE-2020-35438
Cross Site Scripting XSS vulnerability in the kk Star Ratings plugin before 4.1.5...
WordPress kk Star Ratings plugin <= 5.4.10 - Unauthenticated Arbitrary Shortcode Execution vulnerability
Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by mikemyers in WordPress Plugin kk Star Ratings versions = 5.4.10...
CVE-2024-8052
The Review Ratings WordPress plugin through 1.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
WordPress plugin Review Ratings 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A security vulnerability exists in WordPres...
CVE-2023-23702
CVE-2023-23702 is a stored XSS vulnerability in the Pixelgrade Comments Ratings WordPress plugin (versions ≤ 1.1.7) exploitable by users with admin+ privileges. The issue permits injection of malicious scripts via the plugin’s input surface and is rated medium by CVSS (base 4.8–4.9 in sources). P...
PT-2023-19141 · Pixelgrade · Pixelgrade Comments Ratings Plugin
Name of the Vulnerable Software and Affected Versions: Pixelgrade Comments Ratings plugin versions prior to 1.1.8 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that affects users with admin+ authentication. This type of vulnerability allows an attacker to...
WordPress Comments Ratings Plugin <= 1.1.7 is vulnerable to Cross Site Scripting (XSS)
Software Comments Ratings Type Plugin Vulnerable versions = 1.1.7 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23702 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 7f7df4a9e3a3 Credits yuyudhn Required privile...
CVE-2023-45654 WordPress Comments Ratings Plugin <= 1.1.7 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Pixelgrade Comments Ratings plugin = 1.1.7 versions...
CVE-2023-45654 WordPress Comments Ratings Plugin <= 1.1.7 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Pixelgrade Comments Ratings plugin = 1.1.7 versions...
WordPress Comments Ratings Plugin <= 1.1.7 is vulnerable to Cross Site Request Forgery (CSRF)
Software Comments Ratings Type Plugin Vulnerable versions = 1.1.7 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-45654 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3bde0ca43cfe Credits Mika Required...
CVE-2023-23704
CVE-2023-23704 is a CSRF vulnerability in the WordPress plugin Pixelgrade Comments Ratings affecting versions up to 1.1.6 . The vulnerability is described across sources as Cross-Site Request Forgery with unauthenticated access, enabling CSRF actions on sites using the plugin. Affected product: P...
WordPress Crowdsignal Dashboard plugin <= 3.0.9 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Nosa "apapedulimu" Shandy Patchstack Alliance in the WordPress Crowdsignal Dashboard plugin versions = 3.0.9. Solution Update the WordPress Polldaddy Polls & Ratings plugin to the latest available version at least 3.0.10...
CVE-2020-35438
Cross Site Scripting XSS vulnerability in the kk Star Ratings plugin before 4.1.5...
CVE-2020-35438
CVE-2020-35438 is a Cross Site Scripting (XSS) vulnerability in the kk Star Ratings plugin prior to version 4.1.5. The issue affects the plugin’s handling of user-provided input in its rating functionality, enabling an attacker to inject malicious scripts. Public sources in connected documents co...
CVE-2014-4856
Cross-site scripting XSS vulnerability in the Polldaddy Polls & Ratings plugin before 2.0.25 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a ratings shortcode and a unique ID. NOTE: some of these details are obtained from third party informati...