Lucene search
K

39 matches found

CNNVD
CNNVD
added 2024/04/15 12:0 a.m.6 views

WordPress Plugin Social Share, Social Login and Social Comments Plugin 安全漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress Plugin Social Share, Social Login and...

4.8CVSS8.1AI score0.005EPSS
Exploits2References2
CVE
CVE
added 2023/11/12 9:47 p.m.41 views

CVE-2023-28694

CVE-2023-28694 describes a CSRF vulnerability in the WordPress plugin Wbcom Designs – BuddyPress Activity Social Share, affecting versions up to 3.5.0. The issue is identified as CSRF with attacker-required user privileges, and Patchstack notes a fix in version 3.5.1. Public disclosures and entri...

8.8CVSS7.1AI score0.00304EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/08/10 2:15 p.m.6 views

CVE-2023-37388

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Sudipto Pratap Mahato Simple Light Weight Social Share plugin = 2.0 versions...

4.8CVSS7.3AI score0.00316EPSS
Exploits0References1
Prion
Prion
added 2023/08/10 2:15 p.m.15 views

Cross site scripting

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Sudipto Pratap Mahato Simple Light Weight Social Share plugin = 2.0 versions...

4.3CVSS4.8AI score0.00316EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/08/10 12:0 a.m.3 views

WordPress Plugin Simple Light Weight Social Share Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

5.9CVSS6AI score0.00316EPSS
Exploits0References2
OSV
OSV
added 2023/06/19 11:15 a.m.6 views

CVE-2023-2779

The Social Share, Social Login and Social Comments WordPress plugin before 7.13.52 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS7.3AI score0.05991EPSS
Exploits4References3
OSV
OSV
added 2023/01/16 4:15 p.m.4 views

CVE-2022-4484

The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.44 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.8AI score0.00471EPSS
Exploits1References1
NVD
NVD
added 2023/01/09 9:15 a.m.25 views

CVE-2022-4882

A vulnerability was found in kaltura mwEmbed up to 2.91. It has been rated as problematic. Affected by this issue is some unknown functionality of the file modules/KalturaSupport/components/share/share.js of the component Share Plugin. The manipulation of the argument res leads to cross site...

4.7CVSS3.9AI score0.00555EPSS
Exploits0References5
Prion
Prion
added 2023/01/09 9:15 a.m.31 views

Cross site scripting

A vulnerability was found in kaltura mwEmbed up to 2.91. It has been rated as problematic. Affected by this issue is some unknown functionality of the file modules/KalturaSupport/components/share/share.js of the component Share Plugin. The manipulation of the argument res leads to cross site...

4CVSS4.6AI score0.00555EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2023/01/09 8:50 a.m.29 views

CVE-2022-4882 kaltura mwEmbed Share Plugin share.js cross site scripting

A vulnerability was found in kaltura mwEmbed up to 2.91. It has been rated as problematic. Affected by this issue is some unknown functionality of the file modules/KalturaSupport/components/share/share.js of the component Share Plugin. The manipulation of the argument res leads to cross site...

2.6CVSS4.8AI score0.00555EPSS
Exploits0References5
OSV
OSV
added 2023/01/09 8:50 a.m.18 views

CVE-2022-4882 kaltura mwEmbed Share Plugin share.js cross site scripting

A vulnerability was found in kaltura mwEmbed up to 2.91. It has been rated as problematic. Affected by this issue is some unknown functionality of the file modules/KalturaSupport/components/share/share.js of the component Share Plugin. The manipulation of the argument res leads to cross site...

2.6CVSS3.5AI score0.00555EPSS
Exploits0References7
CVE
CVE
added 2023/01/09 8:50 a.m.63 views

CVE-2022-4882

CVE-2022-4882 affects kaltura mwEmbed (up to 2.91). The vulnerability resides in the Share Plugin’s file modules/KalturaSupport/components/share/share.js, where manipulating the res argument leads to cross-site scripting. The issue can be exploited remotely with high attack complexity and require...

4.7CVSS4.1AI score0.00555EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2023/01/09 12:0 a.m.9 views

PT-2023-15896 · Kaltura · Kaltura Mwembed

Name of the Vulnerable Software and Affected Versions: kaltura mwEmbed versions up to 2.91 Description: A problem was found in the Share Plugin component, specifically in the file modules/KalturaSupport/components/share/share.js. The issue allows for cross site scripting through the manipulation ...

4.7CVSS4AI score0.00555EPSS
Exploits0References8
Prion
Prion
added 2022/06/13 1:15 p.m.16 views

Cross site request forgery (csrf)

The ToolBar to Share plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0. This is due to missing nonce validation on the plugintoolbarcomparte page. This makes it possible for unauthenticated attackers to update the plugins settings and inject...

6.8CVSS8.2AI score0.00815EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2022/06/13 12:46 p.m.14 views

CVE-2022-1918 ToolBar to Share <= 2.0 - Cross-Site Request Forgery to Cross-Site Scripting

The ToolBar to Share plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0. This is due to missing nonce validation on the plugintoolbarcomparte page. This makes it possible for unauthenticated attackers to update the plugins settings and inject...

8.8CVSS8.5AI score0.00815EPSS
Exploits1References3
Patchstack
Patchstack
added 2022/06/09 12:0 a.m.43 views

WordPress ToolBar to Share plugin <= 2.0 - Cross-Site Request Forgery (CSRF) vulnerability to Cross-Site Scripting (XSS)

Cross-Site Request Forgery CSRF vulnerability leading to Cross-Site Scripting XSS discovered by Sho Sakata Cryptography Laboratory at Tokyo Denki University in WordPress ToolBar to Share plugin versions = 2.0. Solution Deactivate and delete. This plugin has been closed as of May 31, 2022 and is n...

8.8CVSS1.2AI score0.00815EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2021/08/13 5:15 p.m.3 views

CVE-2021-34823

The ON24 ScreenShare aka DesktopScreenShare.app plugin before 2.0 for macOS allows remote file access via its built-in HTTP server. This allows unauthenticated remote users to retrieve files accessible to the logged-on macOS user. When a remote user sends a crafted HTTP request to the server, it...

9.1CVSS5.9AI score0.01979EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/05/31 8:0 p.m.22 views

CVE-2018-11632

An issue was discovered in the MULTIDOTS Add Social Share Messenger Buttons Whatsapp and Viber plugin 1.0.8 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker via spear phishing/social engineering, the attacker can change the plugin settings via...

6.4AI score0.00537EPSS
Exploits1References2
WPVulnDB
WPVulnDB
added 2017/08/16 12:0 a.m.11 views

AddToAny Share Buttons <= 1.7.14 - Conditional Host Header Injection

Plugin description: "AddToAny is the universal sharing platform, and AddToAny’s plugin is the most popular share plugin for WordPress, making sites social media ready since 2006." Active installs according to https://wordpress.org/plugins/add-to-any/: 400,000+ checked on 15. Aug 2017 It's possibl...

0.3AI score
Exploits0References1Affected Software1
Rows per page
Query Builder