Lucene search
K

31 matches found

Positive Technologies
Positive Technologies
added 2023/05/23 12:0 a.m.5 views

PT-2023-20100 · Podlove · Podlove Subscribe Button Plugin

Name of the Vulnerable Software and Affected Versions: Podlove Podlove Subscribe button plugin versions 1.3.7 and earlier Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended...

8.8CVSS8.8AI score0.00248EPSS
Exploits0References4
OSV
OSV
added 2023/04/25 12:15 p.m.4 views

CVE-2023-25479

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Podlove Podlove Subscribe button plugin = 1.3.7 versions...

4.8CVSS5.8AI score
Exploits0References1
Cvelist
Cvelist
added 2023/04/25 12:0 p.m.26 views

CVE-2023-25479 WordPress Podlove Subscribe button Plugin <= 1.3.7 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Podlove Podlove Subscribe button plugin = 1.3.7 versions...

5.9CVSS5.5AI score0.00369EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/04/25 12:0 p.m.8 views

CVE-2023-25479 WordPress Podlove Subscribe button Plugin <= 1.3.7 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Podlove Podlove Subscribe button plugin = 1.3.7 versions...

5.9CVSS5.5AI score0.00369EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/04/25 12:0 a.m.6 views

PT-2023-20097 · Podlove · Podlove Subscribe Button

Name of the Vulnerable Software and Affected Versions: Podlove Podlove Subscribe button plugin versions 1.3.7 and earlier Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. Recommendations: For versions 1.3.7 a...

5.9CVSS5.3AI score0.00369EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/04/25 12:0 a.m.5 views

WordPress plugin Podlove Subscribe button 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

5.9CVSS6.4AI score0.00369EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2023/02/15 12:0 a.m.18 views

Podlove Subscribe button < 1.3.9 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS4.8AI score0.00369EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2023/02/15 12:0 a.m.11 views

WordPress Podlove Subscribe button Plugin <= 1.3.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software Podlove Subscribe button Type Plugin Vulnerable versions = 1.3.7 Fixed in 1.3.9 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25481 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 87331aa50a18 Credits yuyudhn...

8.8CVSS6.6AI score0.00248EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/15 12:0 a.m.15 views

Podlove Subscribe button < 1.3.9 - Multiple CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins perform unwanted actions such as create/update/delete buttons, as well update/create formats via CSRF attacks...

8.8CVSS6.7AI score0.00248EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2023/02/15 12:0 a.m.10 views

WordPress Podlove Subscribe button Plugin <= 1.3.7 is vulnerable to Cross Site Scripting (XSS)

Software Podlove Subscribe button Type Plugin Vulnerable versions = 1.3.7 Fixed in 1.3.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25479 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID ce8b8c58ff2d Credits yuyudhn Requir...

5.9CVSS5.8AI score0.00369EPSS
Exploits0References2Affected Software1
Hacker One
Hacker One
added 2018/06/06 2:16 a.m.43 views

Liberapay: A single user can subscribe a community multiple times

There is no proper validation while subscribing for a community. A user can subscribe a single community multiple times. Steps to recreate: Step 1: Open any community Step 2: Click on subscribe button Step 3: Capture the POST request and submit it multiple times Step 4: Check the subscription cou...

7.1AI score
Exploits0
Rows per page
Query Builder