10 matches found
EUVD-2022-51409
Malicious code in bioql PyPI...
CVE-2022-4029
The Simple:Press plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sforummd5 hash of the WordPress URL' cookie value in versions up to, and including, 6.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...
WordPress Simple:Press plugin suffers from a reflected cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A reflective cross-site...
WordPress Simple:Press plugin arbitrary file modification vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An arbitrary file...
CVE-2022-4031
The Simple:Press plugin for WordPress is vulnerable to arbitrary file modifications in versions up to, and including, 6.8 via the 'file' parameter, which does not properly restrict files to be edited in the context of the plugin. This makes it possible for attackers with high-level permissions...
CVE-2022-4027
The Simple:Press plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'postitem' parameter manipulated during a forum response in versions up to, and including, 6.8 due to insufficient input sanitization and output escaping that makes injecting object and embed tags possible...
PT-2022-25325 · WordPress · Simple:Press
Name of the Vulnerable Software and Affected Versions: Simple:Press plugin for WordPress versions up to, and including, 6.8 Description: The issue is related to Reflected Cross-Site Scripting via the sforum md5 hash of the WordPress URL cookie value due to insufficient input sanitization and outp...
Simple:Press < 6.8.1 - Admin+ Arbitrary File Update
The plugin does not validate files to be updated, which could allow high-privilege users such as admins to update arbitrary files and not just the ones allowed by the plugin...
PT-2022-25342 · WordPress · Simple:Press
Name of the Vulnerable Software and Affected Versions: Simple:Press plugin for WordPress versions up to, and including, 6.8 Description: The issue allows for arbitrary file modifications via the file parameter, which does not properly restrict files to be edited in the context of the plugin. This...
Simple:Press < 6.8.1 - Subscriber+ Stored XSS via Profile Signatures
The plugin does not sanitise and escape the postitem parameter when modifying profile signatures, which could allow any authenticated user, such as a subscriber, to perform Stored XSS attacks...