EUVD-2024-31406

Malicious code in bioql PyPI...

CVE-2024-33694

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Meks Meks ThemeForest Smart Widget allows Stored XSS.This issue affects Meks ThemeForest Smart Widget: from n/a through 1.5...

CVE-2023-25989

Cross-Site Request Forgery CSRF vulnerability in Meks Video Importer, Meks Time Ago, Meks ThemeForest Smart Widget, Meks Smart Author Widget, Meks Audio Player, Meks Easy Maps, Meks Easy Photo Feed Widget, Meks Simple Flickr Widget, Meks Easy Ads Widget, Meks Smart Social Widget plugins leading t...

CVE-2024-33694

CVE-2024-33694 is an XSS vulnerability in Meks ThemeForest Smart Widget (WordPress plugin). It allows Stored Cross-Site Scripting and affects ThemeForest Smart Widget versions from n/a through 1.5. The CVSS 3.1 base score is 5.9 (AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L). The available data does not s...

CVE-2024-33694 WordPress Meks ThemeForest Smart Widget plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Meks Meks ThemeForest Smart Widget allows Stored XSS.This issue affects Meks ThemeForest Smart Widget: from n/a through 1.5...

WordPress Meks ThemeForest Smart Widget plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin Meks ThemeForest Smart Widget versions = 1.5...

WordPress plugin Meks ThemeForest Smart Widget 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress plugin Me...

PT-2024-25450 · Unknown · Meks Themeforest Smart Widget

Name of the Vulnerable Software and Affected Versions: Meks ThemeForest Smart Widget versions through 1.5 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows Stored XSS. This means that an attacker ca...

WordPress Meks ThemeForest Smart Widget Plugin <= 1.5 is vulnerable to Cross Site Scripting (XSS)

Software Meks ThemeForest Smart Widget Type Plugin Vulnerable versions = 1.5 Fixed in 1.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33694 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 04ccfd2bf640 Credits Joshua Chan Required privile...

PT-2024-15730 · WordPress · Meks Smart Social Widget

Name of the Vulnerable Software and Affected Versions: Meks Smart Social Widget plugin for WordPress versions up to, and including, 1.6.3 Description: The issue is related to Stored Cross-Site Scripting via the Meks Smart Social Widget, caused by insufficient input sanitization and output escapin...

CVE-2023-25989

Cross-Site Request Forgery CSRF vulnerability in Meks Video Importer, Meks Time Ago, Meks ThemeForest Smart Widget, Meks Smart Author Widget, Meks Audio Player, Meks Easy Maps, Meks Easy Photo Feed Widget, Meks Simple Flickr Widget, Meks Easy Ads Widget, Meks Smart Social Widget plugins leading...

CVE-2023-25989

Summary: CVE-2023-25989 is a CSRF vulnerability reported across multiple Meks WordPress plugins (Audio Player, Time Ago, ThemeForest Smart Widget, Smart Author Widget, Easy Maps, Easy Photo Feed Widget, Simple Flickr Widget, Easy Ads Widget, Smart Social Widget, and related plugins). The flaw ena...

WordPress Meks ThemeForest Smart Widget Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Meks ThemeForest Smart Widget Type Plugin Vulnerable versions = 1.4 Fixed in 1.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25989 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 2367191a142b Credits Muhammad...