178 matches found
CVE-2023-4779 User Submitted Posts – Enable Users to Submit Posts from the Front End <= 20230811 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's uspgallery shortcode in versions up to, and including, 20230811 due to insufficient input sanitization and output escaping on user supplied attributes like 'before'. This makes it possible...
WordPress plugin User Submitted Posts Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...
WordPress User Submitted Posts Plugin <= 20230901 is vulnerable to Cross Site Scripting (XSS)
Software User Submitted Posts Type Plugin Vulnerable versions = 20230901 Fixed in 20230902 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-7251 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 99d2f2c1710a Credits Ngô Thiên An ancorn from...
User Submitted Posts < 20230811 - Unauthenticated Stored XSS
Description The plugin does not sanitize and escape the user-submitted-content parameter, which could allow unauthenticated users to perform Stored XSS attacks...
CVE-2023-4308
The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user-submitted-content’ parameter in versions up to, and including, 20230809 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...
Cross site scripting
The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user-submitted-content’ parameter in versions up to, and including, 20230809 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...
CVE-2023-4308 User Submitted Posts <= 20230809 - Unauthenticated Stored Cross-Site Scripting via 'user-submitted-content'
The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user-submitted-content’ parameter in versions up to, and including, 20230809 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...
CVE-2023-4308 User Submitted Posts <= 20230809 - Unauthenticated Stored Cross-Site Scripting via 'user-submitted-content'
The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user-submitted-content’ parameter in versions up to, and including, 20230809 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...
WordPress Plugin User Submitted Posts Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...
WordPress User Submitted Posts Plugin <= 20230809 is vulnerable to Cross Site Scripting (XSS)
Software User Submitted Posts Type Plugin Vulnerable versions = 20230809 Fixed in 20230811 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4308 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7067f0962238 Credits NGÔ THI...
PT-2023-28687 · WordPress · User Submitted Posts
Name of the Vulnerable Software and Affected Versions: User Submitted Posts plugin for WordPress versions up to, and including, 20230809 Description: The issue is related to Stored Cross-Site Scripting via the user-submitted-content parameter due to insufficient input sanitization and output...
CVE-2019-25138
The User Submitted Posts plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uspcheckimages function in versions up to, and including, 20190312. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites...
WordPress Plugin User Submitted Posts 代码问题漏洞
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. An arbitrary file upload vulnerability exists in the WordPress plugin User Submitted Posts, which is caused by incorrect validation of file...
PT-2023-11365 · WordPress · User Submitted Posts
Name of the Vulnerable Software and Affected Versions: User Submitted Posts plugin for WordPress versions up to, and including, 20190312 Description: The issue arises from missing file type validation in the usp check images function, allowing unauthenticated attackers to upload arbitrary files t...
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. An arbitrary file upload vulnerability exists in the WordPress plugin User Submitted Posts, which is caused by incorrect validation of file extensions by the usp_check_images function. An attacker can exploit this vulnerability to upload malicious files and execute arbitrary code on a vulnerable system.
Bento4 is an open source C++ library for reading and writing MP4 files. A denial of service vulnerability exists in Bento4 version v1.6.0-639, which stems from the AP4TrunAtom::SetDataOffsetint function in Ap4TrunAtom.h containing a segmentation violation. An attacker can exploit this vulnerabili...
Studio42 elFinder Directory Traversal (CVE-2022-26960)
A directory traversal vulnerability exists in elFinder. The vulnerability is due to insufficient validation of user submitted paths...
WordPress SeatReg 1.23.0 Open Redirect
Exploit Title: WordPress Plugin ‘SeatReg’ - Unauthenticated Open Redirect Date: 01-08-2022 Exploit Author: Mariam Tariq - HunterSherlock Vendor Homepage: https://wordpress.org/plugins/seatreg/ Version: 1.23.0 Tested on: Firefox Contact me: [email protected] Description: An Open Redirection...
ThinkPHP deserialization vulnerability
ThinkPHP is a PHP-based, open-source, lightweight web application development framework from China Top Thinking Information Technology. thinkPHP v6.0.12 version has a deserialization vulnerability, which originates from the component vendorleagueflysystem-cached- adaptersrcStorageAbstractCache.ph...
Microweber Cross-Site Scripting Vulnerability
Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A cross-site scripting vulnerability exists in Microweber versions prior to 1.2.17, whic...
TYPO3 XSS Vulnerability (TYPO3-CORE-SA-2022-004)
TYPO3 is prone to a cross-site scripting XSS vulnerability in the Frontend Login Mailer. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...