WordPress Car Repair Services & Auto Mechanic Theme <4.0 - Cross-Site Scripting

WordPress Car Repair Services & Auto Mechanic before 4.0 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the serviceestimatekey parameter before outputting it back in the page. id: CVE-2021-24335 info: name: WordPress Car Repair Services & Auto Mechanic Them...

EUVD-2024-31406

Malicious code in bioql PyPI...

CVE-2024-33694

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Meks Meks ThemeForest Smart Widget allows Stored XSS.This issue affects Meks ThemeForest Smart Widget: from n/a through 1.5...

Vencorp 2.1.1 SQL Injection

==================================================================================================================================== | Title : Vencorp v 2.1.1 Auth by Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | | Vendor ...

CVE-2024-33694

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Meks Meks ThemeForest Smart Widget allows Stored XSS.This issue affects Meks ThemeForest Smart Widget: from n/a through 1.5...

CVE-2024-33694

CVE-2024-33694 is an XSS vulnerability in Meks ThemeForest Smart Widget (WordPress plugin). It allows Stored Cross-Site Scripting and affects ThemeForest Smart Widget versions from n/a through 1.5. The CVSS 3.1 base score is 5.9 (AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L). The available data does not s...

CVE-2024-33694 WordPress Meks ThemeForest Smart Widget plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Meks Meks ThemeForest Smart Widget allows Stored XSS.This issue affects Meks ThemeForest Smart Widget: from n/a through 1.5...

CVE-2024-33694 WordPress Meks ThemeForest Smart Widget plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Meks Meks ThemeForest Smart Widget allows Stored XSS.This issue affects Meks ThemeForest Smart Widget: from n/a through 1.5...

WordPress Meks ThemeForest Smart Widget plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin Meks ThemeForest Smart Widget versions = 1.5...

WordPress plugin Meks ThemeForest Smart Widget 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress plugin Me...

WordPress Meks ThemeForest Smart Widget Plugin <= 1.5 is vulnerable to Cross Site Scripting (XSS)

Software Meks ThemeForest Smart Widget Type Plugin Vulnerable versions = 1.5 Fixed in 1.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33694 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 04ccfd2bf640 Credits Joshua Chan Required privile...

PT-2024-25450 · Unknown · Meks Themeforest Smart Widget

Name of the Vulnerable Software and Affected Versions: Meks ThemeForest Smart Widget versions through 1.5 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows Stored XSS. This means that an attacker ca...

CVE-2023-25989

Cross-Site Request Forgery CSRF vulnerability in Meks Video Importer, Meks Time Ago, Meks ThemeForest Smart Widget, Meks Smart Author Widget, Meks Audio Player, Meks Easy Maps, Meks Easy Photo Feed Widget, Meks Simple Flickr Widget, Meks Easy Ads Widget, Meks Smart Social Widget plugins leading...

CVE-2023-25989

Summary: CVE-2023-25989 is a CSRF vulnerability reported across multiple Meks WordPress plugins (Audio Player, Time Ago, ThemeForest Smart Widget, Smart Author Widget, Easy Maps, Easy Photo Feed Widget, Simple Flickr Widget, Easy Ads Widget, Smart Social Widget, and related plugins). The flaw ena...

WordPress Meks ThemeForest Smart Widget Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Meks ThemeForest Smart Widget Type Plugin Vulnerable versions = 1.4 Fixed in 1.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25989 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 2367191a142b Credits Muhammad...

WordPress Oxygen-Theme 7.8 Directory Traversal

==================================================================================================================================== | Title : WordPress Oxygen-Theme v7.8 Directory Traversal Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

WordPress ChurcHope Responsive Themes 4.7.x Directory Traversal

==================================================================================================================================== | Title : WordPress - ChurcHope Responsive Themes 4.7.x Directory Traversal Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser...

WordPress Workreap 2.2.2 Shell Upload

Exploit Title: WordPress Theme Workreap 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution Dork: inurl:/wp-content/themes/workreap/ Date: 2023-06-01 Category : Webapps Vendor Homepage: https://themeforest.net/item/workreap-freelance-marketplace-wordpress-theme/23712454 Exploit Author...

WordPress Theme Workreap 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution

Exploit Title: WordPress Theme Workreap 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution Dork: inurl:/wp-content/themes/workreap/ Date: 2023-06-01 Category : Webapps Vendor Homepage: https://themeforest.net/item/workreap-freelance-marketplace-wordpress-theme/23712454 Exploit Author...

WordPress Real Estate 7 Theme 3.3.4 Cross Site Scripting

==== Z://USB-00RESEARCH/WORDPRESS/ ============================================= 2023 == Report Title: WordPress Real Estate 7 Theme = 3.3.4 - Unauthenticated Reflected Cross-Site Scripting XSS Google Dork: inurl:/wp-content/themes/realestate-7/ Research Date: 2023-02-10 Researcher: FearZzZz...