Lucene search
K

83 matches found

Cvelist
Cvelist
added 2023/09/06 6:41 a.m.27 views

CVE-2023-4779 User Submitted Posts – Enable Users to Submit Posts from the Front End <= 20230811 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's uspgallery shortcode in versions up to, and including, 20230811 due to insufficient input sanitization and output escaping on user supplied attributes like 'before'. This makes it possible...

6.4CVSS5.8AI score0.00325EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/09/06 6:41 a.m.8 views

CVE-2023-4779 User Submitted Posts – Enable Users to Submit Posts from the Front End <= 20230811 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's uspgallery shortcode in versions up to, and including, 20230811 due to insufficient input sanitization and output escaping on user supplied attributes like 'before'. This makes it possible...

6.4CVSS6.8AI score0.00325EPSS
Exploits0References2
CVE
CVE
added 2023/09/06 6:41 a.m.44 views

CVE-2023-4779

CVE-2023-4779 affects the WordPress plugin User Submitted Posts . The vulnerability is a stored XSS via the plugin’s [usp_gallery] shortcode, caused by insufficient input sanitization and output escaping on user-supplied attributes (e.g., ‘before’). Impact: authenticated attackers with contributo...

6.4CVSS5.2AI score0.00325EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/09/06 12:0 a.m.6 views

WordPress plugin User Submitted Posts Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

6.4CVSS6AI score0.00325EPSS
Exploits0References4
Patchstack
Patchstack
added 2023/09/06 12:0 a.m.11 views

WordPress User Submitted Posts Plugin <= 20230901 is vulnerable to Cross Site Scripting (XSS)

Software User Submitted Posts Type Plugin Vulnerable versions = 20230901 Fixed in 20230902 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-7251 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 99d2f2c1710a Credits Ngô Thiên An ancorn from...

6.5CVSS6.9AI score0.00339EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/08/15 8:15 a.m.3 views

CVE-2023-4308

The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user-submitted-content’ parameter in versions up to, and including, 20230809 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...

5.4CVSS7.4AI score0.00363EPSS
Exploits0References2
Prion
Prion
added 2023/08/15 8:15 a.m.21 views

Cross site scripting

The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user-submitted-content’ parameter in versions up to, and including, 20230809 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...

4.9CVSS5.3AI score0.00363EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/15 7:32 a.m.7 views

CVE-2023-4308 User Submitted Posts <= 20230809 - Unauthenticated Stored Cross-Site Scripting via 'user-submitted-content'

The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user-submitted-content’ parameter in versions up to, and including, 20230809 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...

7.2CVSS5.6AI score0.00363EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/08/15 7:32 a.m.25 views

CVE-2023-4308 User Submitted Posts <= 20230809 - Unauthenticated Stored Cross-Site Scripting via 'user-submitted-content'

The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user-submitted-content’ parameter in versions up to, and including, 20230809 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...

7.2CVSS6.4AI score0.00363EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/08/15 12:0 a.m.4 views

WordPress Plugin User Submitted Posts Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...

7.2CVSS5.7AI score0.00363EPSS
Exploits0References4
Patchstack
Patchstack
added 2023/08/15 12:0 a.m.15 views

WordPress User Submitted Posts Plugin <= 20230809 is vulnerable to Cross Site Scripting (XSS)

Software User Submitted Posts Type Plugin Vulnerable versions = 20230809 Fixed in 20230811 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4308 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7067f0962238 Credits NGÔ THI...

7.2CVSS5.6AI score0.00363EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/06/07 2:15 a.m.4 views

CVE-2019-25138

The User Submitted Posts plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uspcheckimages function in versions up to, and including, 20190312. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites...

9.8CVSS6.4AI score0.02326EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/06/07 12:0 a.m.6 views

WordPress Plugin User Submitted Posts 代码问题漏洞

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. An arbitrary file upload vulnerability exists in the WordPress plugin User Submitted Posts, which is caused by incorrect validation of file...

9.8CVSS7.6AI score0.02326EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/06/07 12:0 a.m.6 views

PT-2023-11365 · WordPress · User Submitted Posts

Name of the Vulnerable Software and Affected Versions: User Submitted Posts plugin for WordPress versions up to, and including, 20190312 Description: The issue arises from missing file type validation in the usp check images function, allowing unauthenticated attackers to upload arbitrary files t...

9.8CVSS9.8AI score0.02326EPSS
Exploits1References5
CNVD
CNVD
added 2023/04/18 12:0 a.m.23 views

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. An arbitrary file upload vulnerability exists in the WordPress plugin User Submitted Posts, which is caused by incorrect validation of file extensions by the usp_check_images function. An attacker can exploit this vulnerability to upload malicious files and execute arbitrary code on a vulnerable system.

Bento4 is an open source C++ library for reading and writing MP4 files. A denial of service vulnerability exists in Bento4 version v1.6.0-639, which stems from the AP4TrunAtom::SetDataOffsetint function in Ap4TrunAtom.h containing a segmentation violation. An attacker can exploit this vulnerabili...

5.5CVSS6.5AI score0.00291EPSS
Exploits1References1
OSV
OSV
added 2019/09/20 3:15 p.m.5 views

CVE-2016-11001

The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field...

6.1CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2019/09/20 3:15 p.m.13 views

CVE-2016-11001

The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field...

6.1CVSS6.1AI score0.01177EPSS
Exploits1References2
Prion
Prion
added 2019/09/20 3:15 p.m.12 views

Code injection

The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field...

4.3CVSS6.1AI score0.01177EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2019/09/20 2:35 p.m.17 views

CVE-2016-11001

The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field...

6.1AI score0.01177EPSS
Exploits1References2
CVE
CVE
added 2019/09/20 2:35 p.m.54 views

CVE-2016-11001

CVE-2016-11001 affects the WordPress plugin user-submitted-posts prior to 20160215. The vulnerability is described as XSS via the user-submitted-content field in the plugin. The connected documents reiterate the same description across NVD/Red Hat/other listings, with no explicit exploit details ...

6.1CVSS6AI score0.01177EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder