WordPress Ultimate Posts Widget plugin <= 2.2.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin Ultimate Posts Widget versions = 2.2.9...

WordPress Ultimate Posts Widget Plugin <= 2.2.9 is vulnerable to Broken Access Control

Software Ultimate Posts Widget Type Plugin Vulnerable versions = 2.2.9 Fixed in 2.3.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31435 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 565122e43072 Credits Dhabaleshwar Das Requir...

WordPress Ultimate Posts Widget Plugin < 2.3.1 is vulnerable to Cross Site Scripting (XSS)

Software Ultimate Posts Widget Type Plugin Vulnerable versions 2.3.1 Fixed in 2.3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0561 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 4601be1431bf Credits Dmitrii ignatyev...

CVE-2024-0561

The Ultimate Posts Widget WordPress plugin before 2.3.1 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is...

CVE-2024-0561 Ultimate Posts Widget < 2.3.1 - Admin+ Stored XSS

The Ultimate Posts Widget WordPress plugin before 2.3.1 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is...

CVE-2024-0561

The CVE-2024-0561 entry concerns the Ultimate Posts Widget WordPress plugin prior to 2.3.1, where the plugin does not validate and escape several Widget options before outputting them in attributes. This underpins a Stored XSS risk reported to affect admin-level users (and higher) in multisite co...

CVE-2024-0561 Ultimate Posts Widget < 2.3.1 - Admin+ Stored XSS

The Ultimate Posts Widget WordPress plugin before 2.3.1 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is...

PT-2024-15659 · WordPress · The Ultimate Posts Widget

Name of the Vulnerable Software and Affected Versions: The Ultimate Posts Widget WordPress plugin versions prior to 2.3.1 Description: The issue concerns the Ultimate Posts Widget WordPress plugin, where it fails to validate and escape some of its widget options before outputting them back in...

WordPress Plugin Ultimate Posts Widget Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

Ultimate Posts Widget < 2.3.1 - Admin+ Stored XSS

Description The plugin does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

Ultimate Posts Widget < 2.3.1 - Admin+ Stored XSS

Description The plugin does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

WordPress Ultimate Posts Widget Plugin <= 2.2.4 is vulnerable to Broken Access Control

Software Ultimate Posts Widget Type Plugin Vulnerable versions = 2.2.4 Fixed in 2.2.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0958 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 65c113fe970b Credits WordFence Required...

WordPress Ultimate Posts Widget Plugin <= 2.2.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Ultimate Posts Widget Type Plugin Vulnerable versions = 2.2.4 Fixed in 2.2.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-3977 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ecda45839866 Credits WordFence...