17 matches found
EUVD-2023-28432
Malicious code in bioql PyPI...
CVE-2023-24376
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nico Graff WP Simple Events plugin <= 1.0 versions...
CVE-2023-24376
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nico Graff WP Simple Events plugin <= 1.0 versions...
CVE-2023-24376
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nico Graff WP Simple Events plugin <= 1.0 versions...
Cross site scripting
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nico Graff WP Simple Events plugin <= 1.0 versions...
CVE-2023-24376
CVE-2023-24376 affects WP Simple Events (WordPress) ≤ 1.0. The vulnerability is an Auth. (admin+) Stored Cross-Site Scripting (XSS) in the plugin, with the exploitation described as a stored XSS condition requiring administrative privileges and user interaction. CVSS scores vary by source (NVD: 4...
CVE-2023-24376 WordPress WP Simple Events Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nico Graff WP Simple Events plugin <= 1.0 versions...
CVE-2023-24376 WordPress WP Simple Events Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nico Graff WP Simple Events plugin <= 1.0 versions...
WordPress plugin WP Simple Events cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
WordPress WP Simple Events Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software: WP Simple Events; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-24376; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: 268257560db4; Credits: Nithissh S; Required...
CVE-2021-24552
The Simple Events Calendar WordPress plugin through 1.4.0 does not sanitise, validate or escape the eventid POST parameter before using it in a SQL statement when deleting events, leading to an authenticated SQL injection issue...
CVE-2021-24552
The CVE-2021-24552 entry concerns the WordPress plugin Simple Events Calendar (versions
WordPress Plugin Simple Events Calendar SQL injection vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin is an open source application plugin for WordPress. A SQL injection vulnerability exists in the...
Simple Events Calendar <= 1.4.0 - Authenticated (admin+) SQL Injection
The plugin does not sanitise, validate or escape the eventid POST parameter before using it in a SQL statement when deleting events, leading to an authenticated SQL injection issue POST /wp-admin/admin.php?page=simple-events&tab=existingevents HTTP/1.1 Content-Length: 33 Cache-Control: max-age=0...
WordPress Simple Events Calendar plugin <=1.3.5 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability found by Lenon Leite in WordPress Simple Events Calendar plugin versions <=1.3.5. Solution 11/20/2017 - we were unable to find a patched version of this plugin...
Simple Events Calendar <= 1.3.5 - Authenticated SQL Injection
Type user access: administrator user. `$_POST['eventid']` is not escaped. File / Code: Path Request: /wp-content/plugins/simple-events-calendar/simple-events-calendar.php Line: 467 `$editevent = $_POST['eventid']; $update = $wpdb->get_results(" SELECT * FROM $tablename WHERE id = $editevent ", "ARRAY_A");` PoC...
WordPress Plugin Eventify - Simple Events 1.7.f SQL Injection
Exploit Title: WordPress Eventify - Simple Events plugin getresults$qry;...