30 matches found
CVE-2024-30543 WordPress Whizzy plugin <= 1.1.18 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in UPQODE Whizz.This issue affects Whizzy: from n/a through 1.1.18...
CVE-2024-30543
CVE-2024-30543 is an authorization bypass via a user-controlled key in the UPQODE Whizz/Whizzy WordPress plugin, affecting versions from n/a to 1.1.18. The CVSS 3.1 base score is 6.5 (Network attack, Low attack complexity, Privileges Required: None, User Interaction: None, Confidentiality/Integri...
CVE-2023-0094
The UpQode Google Maps WordPress plugin through 1.0.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0094
The UpQode Google Maps WordPress plugin through 1.0.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Cross site scripting
The UpQode Google Maps WordPress plugin through 1.0.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0094 UpQode Google Maps <= 1.0.5 - Contributor+ Stored XSS
The UpQode Google Maps WordPress plugin through 1.0.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0094 UpQode Google Maps <= 1.0.5 - Contributor+ Stored XSS
The UpQode Google Maps WordPress plugin through 1.0.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
PT-2024-11918 · WordPress · Upqode Google Maps Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: UpQode Google Maps WordPress plugin versions 1.0.0 through 1.0.5 Description: The issue is related to the plugin not validating and escaping some of its shortcode attributes before outputting them back in a page or post where the shortcode is...
WordPress plugin UpQode Google Maps 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
UpQode Google Maps <= 1.0.5 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC Exploit: vcugmmap mapheight='100px;...