
14 matches found

RedhatCVE
added 2026/01/09 12:32 p.m. · 3 views

CVE-2023-4725

The Simple Posts Ticker WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...

4.8 CVSS · 5.3 AI score · 0.00089 EPSS
Exploits: 2 · References: 1
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-54498

Malicious code in bioql PyPI...

5.4 CVSS · 6.5 AI score · 0.00109 EPSS
Exploits: 2 · References: 1
Prion
added 2023/10/16 8:15 p.m. · 10 views

Cross site scripting

The Simple Posts Ticker WordPress plugin before 1.1.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

4.9 CVSS · 5.3 AI score · 0.00109 EPSS
Exploits: 2 · References: 1 · Affected Software: 1
CVE
added 2023/10/16 7:39 p.m. · 50 views

CVE-2023-4725

CVE-2023-4725 affects the WordPress plugin Simple Posts Ticker prior to version 1.1.6. The issue is that certain settings are not properly sanitised/escaped, enabling Stored XSS by high-privilege users (e.g., administrators) even when the unfiltered_html capability is disallowed (such as in multi...

4.8 CVSS · 4.9 AI score · 0.00089 EPSS
Exploits: 2 · References: 1 · Affected Software: 1
Vulnrichment
added 2023/10/16 7:39 p.m. · 5 views

CVE-2023-4725 Simple Posts Ticker < 1.1.6 - Admin+ Stored XSS

The Simple Posts Ticker WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...

5.8 AI score · 0.00089 EPSS
Exploits: 2 · References: 1
Cvelist
added 2023/10/16 7:39 p.m. · 17 views

CVE-2023-4725 Simple Posts Ticker < 1.1.6 - Admin+ Stored XSS

The Simple Posts Ticker WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...

5 AI score · 0.00089 EPSS
Exploits: 2 · References: 1
CVE
added 2023/10/16 7:39 p.m. · 44 views

CVE-2023-4646

CVE-2023-4646 affects the WordPress plugin Simple Posts Ticker (versions before 1.1.6). The flaw is insufficient validation/escaping of shortcode attributes, allowing stored XSS when a user with Contributor+ privileges outputs the shortcode on a post/page. The vulnerability is confirmed in multip...

5.4 CVSS · 5.5 AI score · 0.00109 EPSS
Exploits: 2 · References: 1 · Affected Software: 1
Vulnrichment
added 2023/10/16 7:39 p.m. · 4 views

CVE-2023-4646 Simple Posts Ticker < 1.1.6 - Contributor+ Stored XSS

The Simple Posts Ticker WordPress plugin before 1.1.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.3 AI score · 0.00109 EPSS
Exploits: 2 · References: 1
CNNVD
added 2023/10/16 12:0 a.m. · 3 views

WordPress plugin Simple Posts Ticker cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

5.4 CVSS · 6.1 AI score · 0.00109 EPSS
Exploits: 2 · References: 2
Positive Technologies
added 2023/10/16 12:0 a.m. · 2 views

PT-2023-30035 · WordPress · Simple Posts Ticker

Name of the Vulnerable Software and Affected Versions: The Simple Posts Ticker WordPress plugin versions prior to 1.1.6. Description: The issue concerns the lack of validation and escaping of certain shortcode attributes in the plugin, which could allow users with the contributor role and above to...

5.4 CVSS · 5.8 AI score · 0.00109 EPSS
Exploits: 2 · References: 5
CNNVD
added 2023/10/16 12:0 a.m. · 1 views

WordPress plugin Simple Posts Ticker cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

4.8 CVSS · 6.1 AI score · 0.00089 EPSS
Exploits: 2 · References: 2
Patchstack
added 2023/09/26 12:0 a.m. · 6 views

WordPress Simple Posts Ticker Plugin < 1.1.6 is vulnerable to Cross Site Scripting (XSS)

Software: Simple Posts Ticker; Type: Plugin; Vulnerable versions: 1.1.6; Fixed in: 1.1.6; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-4725; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: fb8f01332256; Credits: Dmitrii Ignatyev...

4.8 CVSS · 6 AI score · 0.00089 EPSS
Exploits: 2 · References: 4 · Affected Software: 1
Patchstack
added 2023/09/26 12:0 a.m. · 11 views

WordPress Simple Posts Ticker Plugin < 1.1.6 is vulnerable to Cross Site Scripting (XSS)

Software: Simple Posts Ticker; Type: Plugin; Vulnerable versions: 1.1.6; Fixed in: 1.1.6; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-4646; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 90737b96b35d; Credits: Dmitrii Ignatyev...

5.4 CVSS · 6 AI score · 0.00109 EPSS
Exploits: 2 · References: 4 · Affected Software: 1
wpexploit
added 2023/09/25 12:0 a.m. · 134 views

Simple Posts Ticker < 1.1.6 - Contributor+ Stored XSS

Description: The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Add a post with the shortcode:...

5.4 CVSS · 5.4 AI score · 0.00109 EPSS
Exploits: 2