EUVD-2024-31759

Malicious code in bioql PyPI...

CVE-2024-1999

The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonial Widget's anchor style parameter in all versions up to, and including, 3.2.25 due to insufficient input sanitization and output escaping. This makes ...

CVE-2024-7390

The WP Testimonial Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnSaveTestimonailOrder function in all versions up to, and including, 3.1. This makes it possible for unauthenticated attackers to change the order of...

CVE-2024-43967

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Stark Digital WP Testimonial Widget allows Stored XSS.This issue affects WP Testimonial Widget: from n/a through 3.1...

CVE-2024-43966

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Stark Digital WP Testimonial Widget.This issue affects WP Testimonial Widget: from n/a through 3.1...

CVE-2024-43967 WordPress WP Testimonial Widget plugin <= 3.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Stark Digital WP Testimonial Widget allows Stored XSS.This issue affects WP Testimonial Widget: from n/a through 3.1...

CVE-2024-43967 WordPress WP Testimonial Widget plugin <= 3.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Stark Digital WP Testimonial Widget allows Stored XSS.This issue affects WP Testimonial Widget: from n/a through 3.1...

PT-2024-30828 · WordPress · Stark Digital Wp Testimonial Widget

Name of the Vulnerable Software and Affected Versions: Stark Digital WP Testimonial Widget versions n/a through 3.1 Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as 'SQL Injection'. This allows for potential exploitation...

CVE-2024-7390

The WP Testimonial Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnSaveTestimonailOrder function in all versions up to, and including, 3.1. This makes it possible for unauthenticated attackers to change the order of...

CVE-2024-7390 WP Testimonial Widget <= 3.1 - Missing Authorization

The WP Testimonial Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnSaveTestimonailOrder function in all versions up to, and including, 3.1. This makes it possible for unauthenticated attackers to change the order of...

CVE-2024-7390

CVE-2024-7390 — WP Testimonial Widget (WordPress) affects the WP Testimonial Widget plugin for WordPress up to version 3.0. The root cause is a missing capability check on the function fnSaveTestimonailOrder, enabling unauthenticated modification of data (changing testimonial order). Public detai...

CVE-2024-7390 WP Testimonial Widget <= 3.1 - Missing Authorization

The WP Testimonial Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnSaveTestimonailOrder function in all versions up to, and including, 3.1. This makes it possible for unauthenticated attackers to change the order of...

WordPress plugin Elementor Addons by Livemesh security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

CVE-2024-1999

The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonial Widget's anchor style parameter in all versions up to, and including, 3.2.25 due to insufficient input sanitization and output escaping. This makes ...

Jeg Elementor Kit < 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial

Description The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonial Widget Attributes in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...

CVE-2024-3162 Jeg Elementor Kit <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonial Widget Attributes in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributo...

PT-2024-3148 · WordPress · Jeg Elementor Kit

Name of the Vulnerable Software and Affected Versions: Jeg Elementor Kit plugin for WordPress versions up to, and including, 2.6.3 Description: The issue is related to Stored Cross-Site Scripting via the Testimonial Widget Attributes due to insufficient input sanitization and output escaping. Thi...