11 matches found
EUVD-2024-47013
Malicious code in bioql PyPI...
CVE-2024-5870
The Tweaker5 theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-5870
The Tweaker5 theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-5870
The Tweaker5 theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-5870 Tweaker5 <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode
The Tweaker5 theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-5870 Tweaker5 <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode
The Tweaker5 theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-5870
CVE-2024-5870 affects the Tweaker5 WordPress theme (versions
WordPress Tweaker5 theme <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Button Shortcode vulnerability discovered by Francesco Carlucci in WordPress Theme Tweaker5 versions = 1.2...
WordPress Tweaker5 Theme <= 1.2 is vulnerable to Cross Site Scripting (XSS)
Software Tweaker5 Type Theme Vulnerable versions = 1.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5870 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID dc368d54393c Credits Francesco Carlucci Required privileg...
WordPress plugin Tweaker5 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...
PT-2024-37209 · WordPress · Tweaker5
Name of the Vulnerable Software and Affected Versions: Tweaker5 theme for WordPress versions up to, and including, 1.2 Description: The issue is a Stored Cross-Site Scripting vulnerability due to insufficient input sanitization and output escaping. This allows authenticated attackers with...