34 matches found
EUVD-2024-16162
Malicious code in bioql PyPI...
EUVD-2023-59017
Malicious code in bioql PyPI...
CVE-2024-7955
The Starbox WordPress plugin before 3.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-0366
The Starbox – the Author Box for Humans plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.7 via the action function due to missing validation on a user controlled key. This makes it possible for subscribers to view plugin preferences...
CVE-2024-0256
The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Profile Display Name and Social Settings in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2023-6806
The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Job Settings user profile fields in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level...
WordPress Starbox plugin < 3.5.3 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Starbox versions 3.5.3...
CVE-2024-8239
The Starbox WordPress plugin before 3.5.3 does not properly render social media profiles URLs in certain contexts, like the malicious user's profile or pages where the starbox shortcode is used, which may be abused by users with at least the contributor role to conduct Stored XSS attacks...
CVE-2024-8239
The Starbox WordPress plugin before 3.5.3 does not properly render social media profiles URLs in certain contexts, like the malicious user's profile or pages where the starbox shortcode is used, which may be abused by users with at least the contributor role to conduct Stored XSS attacks...
CVE-2024-8239 Starbox < 3.5.3 - Contributor+ Stored XSS
The Starbox WordPress plugin before 3.5.3 does not properly render social media profiles URLs in certain contexts, like the malicious user's profile or pages where the starbox shortcode is used, which may be abused by users with at least the contributor role to conduct Stored XSS attacks...
PT-2024-38885 · WordPress · Starbox
Name of the Vulnerable Software and Affected Versions: Starbox WordPress plugin versions prior to 3.5.3 Description: The issue concerns the improper rendering of social media profiles URLs in certain contexts, such as a malicious user's profile or pages where the starbox shortcode is used. This c...
CVE-2024-7955
The Starbox WordPress plugin before 3.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
PT-2024-38716 · WordPress · Starbox
Name of the Vulnerable Software and Affected Versions: The Starbox WordPress plugin versions prior to 3.5.2 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in a...
CVE-2024-1273
The Starbox WordPress plugin before 3.5.0 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...
CVE-2023-6806
The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Job Settings user profile fields in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2023-6806
The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Job Settings user profile fields in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level...
WordPress Plugin Starbox Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2024-17723 · WordPress · Starbox
Name of the Vulnerable Software and Affected Versions: Starbox WordPress plugin versions prior to 3.5.0 Description: The issue allows users with a role as low as Contributor to perform Cross-Site Scripting attacks due to the plugin not sanitizing and escaping some parameters. This could potential...
CVE-2023-6806
CVE-2023-6806 — Starbox plugin for WordPress stores XSS via Job Settings fields in all versions up to 3.4.8. Root cause: insufficient input sanitization/output escaping allows authenticated users with subscriber+ privileges to inject script executed by other users. Mitigation: upgrade to the fixe...
CVE-2023-6806 Starbox <= 3.4.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Job Settings
The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Job Settings user profile fields in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level...