9 matches found
CVE-2023-4798
The User Avatar WordPress plugin before 1.2.2 does not properly sanitize and escape certain of its shortcodes attributes, which could allow relatively low-privileged users like contributors to conduct Stored XSS attacks...
EUVD-2023-54642
Malicious code in bioql PyPI...
CVE-2023-46621
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Enej Bajgoric / Gagan Sandhu / CTLT DEV User Avatar plugin = 1.4.11 versions...
CVE-2023-46621
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Enej Bajgoric / Gagan Sandhu / CTLT DEV User Avatar plugin = 1.4.11 versions...
CVE-2023-46621
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Enej Bajgoric / Gagan Sandhu / CTLT DEV User Avatar plugin = 1.4.11 versions...
CVE-2023-46621
CVE-2023-46621 is an unauthenticated cross-site scripting (XSS) vulnerability in the WordPress plugin User Avatar (ctltwp User Avatar) affecting versions up to and including 1.4.11 . The issue has a published CVE and is mitigated by upgrading to 1.4.12 or later. PatchStack corroborates the vulner...
PT-2023-30119 · WordPress · Ctlt Dev User Avatar
Name of the Vulnerable Software and Affected Versions: Enej Bajgoric / Gagan Sandhu / CTLT DEV User Avatar plugin versions = 1.4.11 Description: The issue is related to an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into a...
CVE-2023-4798
The User Avatar WordPress plugin before 1.2.2 does not properly sanitize and escape certain of its shortcodes attributes, which could allow relatively low-privileged users like contributors to conduct Stored XSS attacks...
WordPress plugin User Avatar cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...