4 matches found
EUVD-2022-43173
Malicious code in bioql PyPI...
WordPress Fancier Author Box by ThematoSoup plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Fancier Author Box by ThematoSoup plugin 1.4 and earlier versions contain a cross-site scripting...
CVE-2022-3833
The CVE-2022-3833 entry documents a stored XSS vulnerability in the WordPress plugin Fancier Author Box by ThematoSoup (versions prior to 1.5). The root cause is improper sanitisation/escaping of certain settings, including those related to the disabled unfiltered_html feature, which can allow an...
Fancier Author Box by ThematoSoup <= 1.4 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. 1. Open the setting page of this plugin. 2. There...