Lucene search
K

30 matches found

Cvelist
Cvelist
added 2024/03/31 6:24 p.m.28 views

CVE-2024-30543 WordPress Whizzy plugin <= 1.1.18 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in UPQODE Whizz.This issue affects Whizzy: from n/a through 1.1.18...

6.5CVSS6.7AI score0.0036EPSS
Exploits0References1
CVE
CVE
added 2024/03/31 6:24 p.m.63 views

CVE-2024-30543

CVE-2024-30543 is an authorization bypass via a user-controlled key in the UPQODE Whizz/Whizzy WordPress plugin, affecting versions from n/a to 1.1.18. The CVSS 3.1 base score is 6.5 (Network attack, Low attack complexity, Privileges Required: None, User Interaction: None, Confidentiality/Integri...

6.5CVSS8.6AI score0.0036EPSS
Exploits0References1
OSV
OSV
added 2024/01/16 4:15 p.m.3 views

CVE-2023-0094

The UpQode Google Maps WordPress plugin through 1.0.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.8AI score0.0053EPSS
Exploits2References1
NVD
NVD
added 2024/01/16 4:15 p.m.34 views

CVE-2023-0094

The UpQode Google Maps WordPress plugin through 1.0.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.3AI score0.0053EPSS
Exploits2References1
Prion
Prion
added 2024/01/16 4:15 p.m.22 views

Cross site scripting

The UpQode Google Maps WordPress plugin through 1.0.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

4.9CVSS6.1AI score0.0053EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2024/01/16 3:55 p.m.37 views

CVE-2023-0094 UpQode Google Maps <= 1.0.5 - Contributor+ Stored XSS

The UpQode Google Maps WordPress plugin through 1.0.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.5AI score0.0053EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/01/16 3:55 p.m.15 views

CVE-2023-0094 UpQode Google Maps <= 1.0.5 - Contributor+ Stored XSS

The UpQode Google Maps WordPress plugin through 1.0.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.8AI score0.0053EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2024/01/16 12:0 a.m.4 views

PT-2024-11918 · WordPress · Upqode Google Maps Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: UpQode Google Maps WordPress plugin versions 1.0.0 through 1.0.5 Description: The issue is related to the plugin not validating and escaping some of its shortcode attributes before outputting them back in a page or post where the shortcode is...

5.4CVSS5.8AI score0.0053EPSS
Exploits2References6
CNNVD
CNNVD
added 2023/05/01 12:0 a.m.7 views

WordPress plugin UpQode Google Maps 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

5.4CVSS5.7AI score0.0053EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2023/02/13 12:0 a.m.30 views

UpQode Google Maps <= 1.0.5 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC Exploit: vcugmmap mapheight='100px;...

2.5AI score0.0053EPSS
Exploits2Affected Software1
Rows per page
Query Builder