39 matches found
WordPress Plugin Social Share, Social Login and Social Comments Plugin 安全漏洞
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress Plugin Social Share, Social Login and...
CVE-2023-28694
CVE-2023-28694 describes a CSRF vulnerability in the WordPress plugin Wbcom Designs – BuddyPress Activity Social Share, affecting versions up to 3.5.0. The issue is identified as CSRF with attacker-required user privileges, and Patchstack notes a fix in version 3.5.1. Public disclosures and entri...
CVE-2023-37388
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Sudipto Pratap Mahato Simple Light Weight Social Share plugin = 2.0 versions...
Cross site scripting
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Sudipto Pratap Mahato Simple Light Weight Social Share plugin = 2.0 versions...
WordPress Plugin Simple Light Weight Social Share Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
CVE-2023-2779
The Social Share, Social Login and Social Comments WordPress plugin before 7.13.52 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2022-4484
The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.44 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...
CVE-2022-4882
A vulnerability was found in kaltura mwEmbed up to 2.91. It has been rated as problematic. Affected by this issue is some unknown functionality of the file modules/KalturaSupport/components/share/share.js of the component Share Plugin. The manipulation of the argument res leads to cross site...
Cross site scripting
A vulnerability was found in kaltura mwEmbed up to 2.91. It has been rated as problematic. Affected by this issue is some unknown functionality of the file modules/KalturaSupport/components/share/share.js of the component Share Plugin. The manipulation of the argument res leads to cross site...
CVE-2022-4882 kaltura mwEmbed Share Plugin share.js cross site scripting
A vulnerability was found in kaltura mwEmbed up to 2.91. It has been rated as problematic. Affected by this issue is some unknown functionality of the file modules/KalturaSupport/components/share/share.js of the component Share Plugin. The manipulation of the argument res leads to cross site...
CVE-2022-4882 kaltura mwEmbed Share Plugin share.js cross site scripting
A vulnerability was found in kaltura mwEmbed up to 2.91. It has been rated as problematic. Affected by this issue is some unknown functionality of the file modules/KalturaSupport/components/share/share.js of the component Share Plugin. The manipulation of the argument res leads to cross site...
CVE-2022-4882
CVE-2022-4882 affects kaltura mwEmbed (up to 2.91). The vulnerability resides in the Share Plugin’s file modules/KalturaSupport/components/share/share.js, where manipulating the res argument leads to cross-site scripting. The issue can be exploited remotely with high attack complexity and require...
PT-2023-15896 · Kaltura · Kaltura Mwembed
Name of the Vulnerable Software and Affected Versions: kaltura mwEmbed versions up to 2.91 Description: A problem was found in the Share Plugin component, specifically in the file modules/KalturaSupport/components/share/share.js. The issue allows for cross site scripting through the manipulation ...
Cross site request forgery (csrf)
The ToolBar to Share plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0. This is due to missing nonce validation on the plugintoolbarcomparte page. This makes it possible for unauthenticated attackers to update the plugins settings and inject...
CVE-2022-1918 ToolBar to Share <= 2.0 - Cross-Site Request Forgery to Cross-Site Scripting
The ToolBar to Share plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0. This is due to missing nonce validation on the plugintoolbarcomparte page. This makes it possible for unauthenticated attackers to update the plugins settings and inject...
WordPress ToolBar to Share plugin <= 2.0 - Cross-Site Request Forgery (CSRF) vulnerability to Cross-Site Scripting (XSS)
Cross-Site Request Forgery CSRF vulnerability leading to Cross-Site Scripting XSS discovered by Sho Sakata Cryptography Laboratory at Tokyo Denki University in WordPress ToolBar to Share plugin versions = 2.0. Solution Deactivate and delete. This plugin has been closed as of May 31, 2022 and is n...
CVE-2021-34823
The ON24 ScreenShare aka DesktopScreenShare.app plugin before 2.0 for macOS allows remote file access via its built-in HTTP server. This allows unauthenticated remote users to retrieve files accessible to the logged-on macOS user. When a remote user sends a crafted HTTP request to the server, it...
CVE-2018-11632
An issue was discovered in the MULTIDOTS Add Social Share Messenger Buttons Whatsapp and Viber plugin 1.0.8 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker via spear phishing/social engineering, the attacker can change the plugin settings via...
AddToAny Share Buttons <= 1.7.14 - Conditional Host Header Injection
Plugin description: "AddToAny is the universal sharing platform, and AddToAny’s plugin is the most popular share plugin for WordPress, making sites social media ready since 2006." Active installs according to https://wordpress.org/plugins/add-to-any/: 400,000+ checked on 15. Aug 2017 It's possibl...