31 matches found
PT-2023-20100 · Podlove · Podlove Subscribe Button Plugin
Name of the Vulnerable Software and Affected Versions: Podlove Podlove Subscribe button plugin versions 1.3.7 and earlier Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended...
CVE-2023-25479
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Podlove Podlove Subscribe button plugin = 1.3.7 versions...
CVE-2023-25479 WordPress Podlove Subscribe button Plugin <= 1.3.7 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Podlove Podlove Subscribe button plugin = 1.3.7 versions...
CVE-2023-25479 WordPress Podlove Subscribe button Plugin <= 1.3.7 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Podlove Podlove Subscribe button plugin = 1.3.7 versions...
PT-2023-20097 · Podlove · Podlove Subscribe Button
Name of the Vulnerable Software and Affected Versions: Podlove Podlove Subscribe button plugin versions 1.3.7 and earlier Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. Recommendations: For versions 1.3.7 a...
WordPress plugin Podlove Subscribe button 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...
Podlove Subscribe button < 1.3.9 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress Podlove Subscribe button Plugin <= 1.3.7 is vulnerable to Cross Site Request Forgery (CSRF)
Software Podlove Subscribe button Type Plugin Vulnerable versions = 1.3.7 Fixed in 1.3.9 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25481 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 87331aa50a18 Credits yuyudhn...
Podlove Subscribe button < 1.3.9 - Multiple CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins perform unwanted actions such as create/update/delete buttons, as well update/create formats via CSRF attacks...
WordPress Podlove Subscribe button Plugin <= 1.3.7 is vulnerable to Cross Site Scripting (XSS)
Software Podlove Subscribe button Type Plugin Vulnerable versions = 1.3.7 Fixed in 1.3.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25479 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID ce8b8c58ff2d Credits yuyudhn Requir...
Liberapay: A single user can subscribe a community multiple times
There is no proper validation while subscribing for a community. A user can subscribe a single community multiple times. Steps to recreate: Step 1: Open any community Step 2: Click on subscribe button Step 3: Capture the POST request and submit it multiple times Step 4: Check the subscription cou...