Lucene search
+L

68 matches found

Cvelist
Cvelist
added 2024/07/20 9:15 a.m.38 views

CVE-2024-37562 WordPress Simple Post Notes plugin <= 1.7.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in BracketSpace Simple Post Notes allows Stored XSS.This issue affects Simple Post Notes: from n/a through 1.7.7...

5.9CVSS0.00274EPSS
Exploits0References1
CVE
CVE
added 2024/07/20 9:15 a.m.50 views

CVE-2024-37562

CVE-2024-37562 affects the WordPress plugin “Simple Post Notes” and is described as an “Improper Neutralization of Input During Web Page Generation” (Stored XSS). The initial and connected records consistently note the issue as a Stored XSS vulnerability that affects Simple Post Notes versions n/...

5.9CVSS5.8AI score0.00274EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/07/20 12:0 a.m.8 views

PT-2024-27661 · Unknown · Simple Post Notes

Name of the Vulnerable Software and Affected Versions: Simple Post Notes versions n/a through 1.7.7 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendations: For...

5.9CVSS5.3AI score0.00274EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/07/09 6:13 a.m.6 views

WordPress Simple Post Notes plugin <= 1.7.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by justakazh Patchstack Alliance in WordPress Plugin Simple Post Notes versions = 1.7.7...

5.9CVSS6.1AI score0.00274EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/07/09 12:0 a.m.9 views

WordPress Simple Post Notes Plugin <= 1.7.7 is vulnerable to Cross Site Scripting (XSS)

Software Simple Post Notes Type Plugin Vulnerable versions = 1.7.7 Fixed in 1.7.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37562 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID d5b3ff5d0988 Credits justakazh Required privilege...

5.9CVSS6.6AI score0.00274EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/04/11 1:15 p.m.36 views

CVE-2024-31935

Cross-Site Request Forgery CSRF vulnerability in BracketSpace Simple Post Notes.This issue affects Simple Post Notes: from n/a through 1.7.6...

4.3CVSS4.6AI score0.002EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/04/11 12:18 p.m.43 views

CVE-2024-31935 WordPress Simple Post Notes plugin <= 1.7.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in BracketSpace Simple Post Notes.This issue affects Simple Post Notes: from n/a through 1.7.6...

4.3CVSS5AI score0.002EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/11 12:18 p.m.32 views

CVE-2024-31935 WordPress Simple Post Notes plugin <= 1.7.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in BracketSpace Simple Post Notes.This issue affects Simple Post Notes: from n/a through 1.7.6...

4.3CVSS5.1AI score0.002EPSS
Exploits0References1
CVE
CVE
added 2024/04/11 12:18 p.m.73 views

CVE-2024-31935

CVE-2024-31935 describes a Cross-Site Request Forgery (CSRF) vulnerability in BracketSpace Simple Post Notes for WordPress, affecting versions from n/a up to 1.7.6. The available documents confirm the vulnerability type and affected version range but do not provide specific root-cause details, ex...

4.3CVSS5.1AI score0.002EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/04/11 12:0 a.m.10 views

PT-2024-24299 · Unknown · Simple Post Notes

Name of the Vulnerable Software and Affected Versions: Simple Post Notes versions 1.7.6 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the software. This type of issue allows an attacker to perform unintended actions on a user's behalf. Recommendations: For versions 1.7....

4.3CVSS6.7AI score0.002EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/04/11 12:0 a.m.6 views

WordPress Plugin Simple Post Notes 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

4.3CVSS6.4AI score0.002EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/04/10 1:51 p.m.9 views

WordPress Simple Post Notes plugin <= 1.7.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Brandon Roldan Patchstack Alliance in WordPress Plugin Simple Post Notes versions = 1.7.6...

4.3CVSS7AI score0.002EPSS
Exploits0Affected Software1
OSV
OSV
added 2024/01/16 4:15 p.m.3 views

CVE-2021-24567

The Simple Post WordPress plugin through 1.1 does not sanitize user input when an authenticated user Text value, then it does not escape these values when outputting to the browser leading to an Authenticated Stored XSS Cross-Site Scripting issue...

5.4CVSS5.8AI score0.00506EPSS
Exploits2References1
CVE
CVE
added 2024/01/16 3:48 p.m.34 views

CVE-2021-24567

CVE-2021-24567 concerns the Simple Post WordPress plugin (versions up to 1.1). The issue is an authenticated stored XSS: user input is not sanitized and is not escaped on output, enabling script execution when an authenticated user submits a Text value. The Red Hat/other sources corroborate the s...

5.4CVSS5.1AI score0.00506EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2024/01/16 12:0 a.m.3 views

WordPress plugin Simple Post security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin...

5.4CVSS5.9AI score0.00506EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2024/01/16 12:0 a.m.3 views

PT-2024-10892 · WordPress · The Simple Post

Name of the Vulnerable Software and Affected Versions: The Simple Post WordPress plugin versions through 1.1 Description: The issue arises from the plugin's failure to sanitize user input when an authenticated user provides a Text value. As a result, these values are not escaped when outputted to...

5.4CVSS5.5AI score0.00506EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2022/12/06 12:0 a.m.6 views

CVE-2022-4147

Quarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed. Simple GET or POST requests made with XMLHttpRequest are the ones which have no event listeners registered on the object returned by the XMLHttpRequest upload property and have no ReadableStream object used in...

7.5AI score0.00577EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/07/17 11:15 a.m.6 views

CVE-2022-2186

The Simple Post Notes WordPress plugin before 1.7.6 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.9AI score0.00552EPSS
Exploits2References2
OSV
OSV
added 2022/07/17 11:15 a.m.4 views

CVE-2022-2186

The Simple Post Notes WordPress plugin before 1.7.6 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.8AI score0.00552EPSS
Exploits2References1
CVE
CVE
added 2022/07/17 10:37 a.m.74 views

CVE-2022-2186

The CVE-2022-2186 entry concerns the WordPress Simple Post Notes plugin prior to 1.7.6. The issue is a stored cross-site scripting (XSS) vulnerability caused by failure to sanitize and escape plugin settings, enabling high-privilege users (e.g., admins) to perform XSS even when unfiltered_html is...

4.8CVSS4.7AI score0.00552EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder