58 matches found
WordPress plugin ShiftController Employee Shift Scheduling cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
WordPress ShiftController Employee Shift Scheduling Plugin <= 4.9.66 is vulnerable to Cross Site Scripting (XSS)
Software: ShiftController Employee Shift Scheduling; Type: Plugin; Vulnerable versions: <= 4.9.66; Fixed in: 4.9.67; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9435; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: a5108d6c15b...
PT-2024-39630 · WordPress · Shiftcontroller Employee Shift Scheduling
Name of the Vulnerable Software and Affected Versions: ShiftController Employee Shift Scheduling plugin for WordPress versions up to, and including, 4.9.66. Description: The issue is related to Reflected Cross-Site Scripting via URL keys due to insufficient input sanitization and output escaping...
WordPress ShiftController Employee Shift Scheduling plugin <= 4.9.64 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin ShiftController Employee Shift Scheduling versions <= 4.9.64...
WordPress ShiftController Employee Shift Scheduling Plugin <= 4.9.64 is vulnerable to Cross Site Scripting (XSS)
Software: ShiftController Employee Shift Scheduling; Type: Plugin; Vulnerable versions: <= 4.9.64; Fixed in: 4.9.65; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-44040; Patch priority: Low; CVSS severity: Low (5.9); PSID: 74a00a678aaf; Credits: SOPROBRO...
CVE-2024-4733
The ShiftController Employee Shift Scheduling plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the hc3session-cookie in versions up to, and including, 4.9.57. This makes it possible for an authenticated attacker with contributor access-level or above to inje...
CVE-2024-4733
CVE-2024-4733 affects ShiftController Employee Shift Scheduling WordPress plugin. Some versions up to 4.9.57 are vulnerable to PHP Object Injection via deserialization of untrusted input in the hc3_session cookie, exploitable by an authenticated attacker with contributor+ privileges to inject a P...
CVE-2024-4733 ShiftController Employee Shift Scheduling <= 4.9.57 - Authenticated (Contributor+) PHP Object Injection
The ShiftController Employee Shift Scheduling plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the hc3session-cookie in versions up to, and including, 4.9.57. This makes it possible for an authenticated attacker with contributor access-level or above to inje...
ShiftController Employee Shift Scheduling < 4.9.58 - Authenticated (Contributor+) PHP Object Injection
Description The ShiftController Employee Shift Scheduling plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the hc3session-cookie in versions up to, and including, 4.9.57. This makes it possible for an authenticated attacker with contributor access-level or...
WordPress plugin ShiftController Employee Shift Scheduling security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress ShiftController Employee Shift Scheduling Plugin <= 4.9.57 is vulnerable to PHP Object Injection
Software: ShiftController Employee Shift Scheduling; Type: Plugin; Vulnerable versions: <= 4.9.57; Fixed in: 4.9.58; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-4733; Patch priority: Medium; CVSS severity: Medium (8.5); PSID: c137dcbad43b; Credits: Peter...
CVE-2023-29425
Cross-Site Request Forgery (CSRF) vulnerability in plainware.Com ShiftController Employee Shift Scheduling plugin <= 4.9.23 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in plainware.Com ShiftController Employee Shift Scheduling plugin <= 4.9.23 versions...
CVE-2023-29425
CVE-2023-29425 is a CSRF vulnerability in the plainware.Com ShiftController Employee Shift Scheduling WordPress plugin, affecting versions
CVE-2023-29425 WordPress ShiftController Employee Shift Scheduling Plugin <= 4.9.23 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in plainware.Com ShiftController Employee Shift Scheduling plugin <= 4.9.23 versions...
WordPress Plugin ShiftController Employee Shift Scheduling Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
ShiftController Employee Shift Scheduling < 4.9.24 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
PT-2023-22252 · Plainware.Com · Shiftcontroller Employee Shift Scheduling
Name of the Vulnerable Software and Affected Versions: plainware.Com ShiftController Employee Shift Scheduling plugin versions <= 4.9.23. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performi...