27 matches found
EUVD-2013-2638
Malware in sbrugna...
EUVD-2022-25167
Malicious code in bioql PyPI...
CVE-2022-1895
The underConstruction WordPress plugin before 1.20 does not have a CSRF check in place when deactivating the construction mode, which could allow attackers to make a logged-in admin perform such action via a CSRF attack...
CVE-2022-1896
The underConstruction WordPress plugin before 1.21 does not sanitise or escape the "Display a custom page using your own HTML" setting before outputting it, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
WordPress underConstruction plugin <= 1.21 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Felipe Restrepo Rodriguez (Patchstack Alliance) in WordPress Plugin underConstruction versions <= 1.21...
WordPress underConstruction Plugin <= 1.21 is vulnerable to Cross Site Scripting (XSS)
Software: underConstruction; Type: Plugin; Vulnerable versions: <= 1.21; Fixed in: 1.22; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-30548; Patch priority: Low; CVSS severity: Low (5.9); PSID: b0c168347691; Credits: Felipe Restrepo Rodriguez; Required...
WordPress underConstruction plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. Cross-site request forgery...
WordPress underConstruction plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in versions of the WordPress underConstruction plugin...
CVE-2022-1896
The underConstruction WordPress plugin before 1.21 does not sanitise or escape the "Display a custom page using your own HTML" setting before outputting it, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2022-1895
The underConstruction WordPress plugin before 1.20 does not have a CSRF check in place when deactivating the construction mode, which could allow attackers to make a logged-in admin perform such action via a CSRF attack...
CVE-2022-1895
The underConstruction WordPress plugin before 1.20 does not have a CSRF check in place when deactivating the construction mode, which could allow attackers to make a logged-in admin perform such action via a CSRF attack...
CVE-2022-1896 underConstruction < 1.21 - Admin+ Stored Cross-Site Scripting
The underConstruction WordPress plugin before 1.21 does not sanitise or escape the "Display a custom page using your own HTML" setting before outputting it, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
WordPress plugin underConstruction cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in versions of the WordPress underConstruction plugin...
underConstruction < 1.21 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise or escape the "Display a custom page using your own HTML" setting before outputting it, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC: In the plugin's settings, activate Under Construction...
WordPress underConstruction plugin <= 1.19 - Construction Mode Deactivation via Cross-Site Request Forgery (CSRF) vulnerability
Construction Mode Deactivation via Cross-Site Request Forgery (CSRF) vulnerability discovered by Daniel Ruf in WordPress underConstruction plugin versions <= 1.19. Solution: Update the WordPress underConstruction plugin to the latest available version (at least 1.20)...
WordPress underConstruction plugin <= 1.20 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas in WordPress underConstruction plugin versions <= 1.20. Solution: Update the WordPress underConstruction plugin to the latest available version (at least 1.21)...
CVE-2021-39320
The underConstruction plugin <= 1.18 for WordPress echoes out the raw value of $GLOBALS['PHP_SELF'] in the ucOptions.php file. On certain configurations including Apache+modPHP, this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the...
CVE-2021-39320 underConstruction <= 1.18 - Reflected Cross-Site Scripting
The underConstruction plugin <= 1.18 for WordPress echoes out the raw value of $GLOBALS['PHP_SELF'] in the ucOptions.php file. On certain configurations including Apache+modPHP, this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the...
CVE-2021-39320
CVE-2021-39320 affects the WordPress Under Construction plugin (versions
CVE-2021-39320 underConstruction <= 1.18 - Reflected Cross-Site Scripting
The underConstruction plugin <= 1.18 for WordPress echoes out the raw value of $GLOBALS['PHP_SELF'] in the ucOptions.php file. On certain configurations including Apache+modPHP, this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the...