83 matches found
CVE-2023-4779 User Submitted Posts – Enable Users to Submit Posts from the Front End <= 20230811 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's uspgallery shortcode in versions up to, and including, 20230811 due to insufficient input sanitization and output escaping on user supplied attributes like 'before'. This makes it possible...
CVE-2023-4779 User Submitted Posts – Enable Users to Submit Posts from the Front End <= 20230811 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's uspgallery shortcode in versions up to, and including, 20230811 due to insufficient input sanitization and output escaping on user supplied attributes like 'before'. This makes it possible...
CVE-2023-4779
CVE-2023-4779 affects the WordPress plugin User Submitted Posts . The vulnerability is a stored XSS via the plugin’s [usp_gallery] shortcode, caused by insufficient input sanitization and output escaping on user-supplied attributes (e.g., ‘before’). Impact: authenticated attackers with contributo...
WordPress plugin User Submitted Posts Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...
WordPress User Submitted Posts Plugin <= 20230901 is vulnerable to Cross Site Scripting (XSS)
Software User Submitted Posts Type Plugin Vulnerable versions = 20230901 Fixed in 20230902 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-7251 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 99d2f2c1710a Credits Ngô Thiên An ancorn from...
CVE-2023-4308
The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user-submitted-content’ parameter in versions up to, and including, 20230809 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...
Cross site scripting
The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user-submitted-content’ parameter in versions up to, and including, 20230809 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...
CVE-2023-4308 User Submitted Posts <= 20230809 - Unauthenticated Stored Cross-Site Scripting via 'user-submitted-content'
The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user-submitted-content’ parameter in versions up to, and including, 20230809 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...
CVE-2023-4308 User Submitted Posts <= 20230809 - Unauthenticated Stored Cross-Site Scripting via 'user-submitted-content'
The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user-submitted-content’ parameter in versions up to, and including, 20230809 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...
WordPress Plugin User Submitted Posts Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...
WordPress User Submitted Posts Plugin <= 20230809 is vulnerable to Cross Site Scripting (XSS)
Software User Submitted Posts Type Plugin Vulnerable versions = 20230809 Fixed in 20230811 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4308 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7067f0962238 Credits NGÔ THI...
CVE-2019-25138
The User Submitted Posts plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uspcheckimages function in versions up to, and including, 20190312. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites...
WordPress Plugin User Submitted Posts 代码问题漏洞
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. An arbitrary file upload vulnerability exists in the WordPress plugin User Submitted Posts, which is caused by incorrect validation of file...
PT-2023-11365 · WordPress · User Submitted Posts
Name of the Vulnerable Software and Affected Versions: User Submitted Posts plugin for WordPress versions up to, and including, 20190312 Description: The issue arises from missing file type validation in the usp check images function, allowing unauthenticated attackers to upload arbitrary files t...
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. An arbitrary file upload vulnerability exists in the WordPress plugin User Submitted Posts, which is caused by incorrect validation of file extensions by the usp_check_images function. An attacker can exploit this vulnerability to upload malicious files and execute arbitrary code on a vulnerable system.
Bento4 is an open source C++ library for reading and writing MP4 files. A denial of service vulnerability exists in Bento4 version v1.6.0-639, which stems from the AP4TrunAtom::SetDataOffsetint function in Ap4TrunAtom.h containing a segmentation violation. An attacker can exploit this vulnerabili...
CVE-2016-11001
The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field...
CVE-2016-11001
The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field...
Code injection
The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field...
CVE-2016-11001
The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field...
CVE-2016-11001
CVE-2016-11001 affects the WordPress plugin user-submitted-posts prior to 20160215. The vulnerability is described as XSS via the user-submitted-content field in the plugin. The connected documents reiterate the same description across NVD/Red Hat/other listings, with no explicit exploit details ...