11 matches found
EUVD-2024-49984
Malicious code in bioql PyPI...
CVE-2024-9521 SEO Manager <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta
The SEO Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post meta in versions up to, and including, 1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level a...
CVE-2024-9521
CVE-2024-9521 affects the WordPress SEO Manager plugin (versions
WordPress SEO Manager plugin <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Post Meta vulnerability discovered by István Márton in WordPress Plugin SEO Manager versions <= 1.9...
WordPress plugin SEO Manager cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress SEO Manager Plugin <= 1.9 is vulnerable to Cross Site Scripting (XSS)
Software: SEO Manager; Type: Plugin; Vulnerable versions: <= 1.9; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9521; Patch priority: Low; CVSS severity: Low (6.5); PSID: 00863c67821a; Credits: István Márton; Required privilege...
Yoast SEO < 21.1 - Authenticated (Seo Manager+) Stored Cross-Site Scripting
Description The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 21.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with seo manager-level access and above, to inject...
WordPress Yoast SEO Plugin <= 21.0 is vulnerable to Cross Site Scripting (XSS)
Software: Yoast SEO; Type: Plugin; Vulnerable versions: <= 21.0; Fixed in: 21.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-40680; Patch priority: Medium; CVSS severity: Medium (5.9); PSID: c49205f84c75; Credits: Rafie Muhammad Patchstack; Required...
Remote Code Execution (RCE)
yoast/wordpress-seo is vulnerable to remote code execution. An SEO Manager is able to execute arbitrary OS commands via a ZIP import through a race condition vulnerability in unzip_file in admin/import/class-import-settings.php...
CVE-2018-19370
The CVE-2018-19370 entry concerns the Yoast SEO (wordpress-seo) plugin for WordPress, specifically versions before 9.2.0. A race condition in unzip_file (admin/import/class-import-settings.php) allows an SEO Manager to execute OS commands via a ZIP import. Public sources in the connected documents co...
Yoast SEO <= 9.1 - Authenticated Race Condition
According to the changelog, "Race Condition which leads to command execution, by users with SEO Manager roles."...