Lucene search
K

178 matches found

vulnrichment
vulnrichment
added 2023/09/06 6:41 a.m.8 views

CVE-2023-4779 User Submitted Posts – Enable Users to Submit Posts from the Front End <= 20230811 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's uspgallery shortcode in versions up to, and including, 20230811 due to insufficient input sanitization and output escaping on user supplied attributes like 'before'. This makes it possible...

6.4CVSS6.8AI score0.00325EPSS
Exploits0References2
cnnvd
cnnvd
added 2023/09/06 12:0 a.m.6 views

WordPress plugin User Submitted Posts Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

6.4CVSS6AI score0.00325EPSS
Exploits0References4
patchstack
patchstack
added 2023/09/06 12:0 a.m.11 views

WordPress User Submitted Posts Plugin <= 20230901 is vulnerable to Cross Site Scripting (XSS)

Software User Submitted Posts Type Plugin Vulnerable versions = 20230901 Fixed in 20230902 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-7251 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 99d2f2c1710a Credits Ngô Thiên An ancorn from...

6.5CVSS6.9AI score0.00339EPSS
Exploits0References2Affected Software1
wpvulndb
wpvulndb
added 2023/08/16 12:0 a.m.9 views

User Submitted Posts < 20230811 - Unauthenticated Stored XSS

Description The plugin does not sanitize and escape the user-submitted-content parameter, which could allow unauthenticated users to perform Stored XSS attacks...

7.2CVSS5.5AI score0.00363EPSS
Exploits0Affected Software1
osv
osv
added 2023/08/15 8:15 a.m.3 views

CVE-2023-4308

The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user-submitted-content’ parameter in versions up to, and including, 20230809 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...

5.4CVSS7.4AI score0.00363EPSS
Exploits0References2
prion
prion
added 2023/08/15 8:15 a.m.21 views

Cross site scripting

The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user-submitted-content’ parameter in versions up to, and including, 20230809 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...

4.9CVSS5.3AI score0.00363EPSS
Exploits0References2Affected Software1
vulnrichment
vulnrichment
added 2023/08/15 7:32 a.m.7 views

CVE-2023-4308 User Submitted Posts <= 20230809 - Unauthenticated Stored Cross-Site Scripting via 'user-submitted-content'

The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user-submitted-content’ parameter in versions up to, and including, 20230809 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...

7.2CVSS5.6AI score0.00363EPSS
Exploits0References2
cvelist
cvelist
added 2023/08/15 7:32 a.m.27 views

CVE-2023-4308 User Submitted Posts <= 20230809 - Unauthenticated Stored Cross-Site Scripting via 'user-submitted-content'

The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user-submitted-content’ parameter in versions up to, and including, 20230809 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...

7.2CVSS6.4AI score0.00363EPSS
Exploits0References2
cnnvd
cnnvd
added 2023/08/15 12:0 a.m.5 views

WordPress Plugin User Submitted Posts Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...

7.2CVSS5.7AI score0.00363EPSS
Exploits0References4
patchstack
patchstack
added 2023/08/15 12:0 a.m.15 views

WordPress User Submitted Posts Plugin <= 20230809 is vulnerable to Cross Site Scripting (XSS)

Software User Submitted Posts Type Plugin Vulnerable versions = 20230809 Fixed in 20230811 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4308 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7067f0962238 Credits NGÔ THI...

7.2CVSS5.6AI score0.00363EPSS
Exploits0References3Affected Software1
ptsecurity
ptsecurity
added 2023/08/15 12:0 a.m.4 views

PT-2023-28687 · WordPress · User Submitted Posts

Name of the Vulnerable Software and Affected Versions: User Submitted Posts plugin for WordPress versions up to, and including, 20230809 Description: The issue is related to Stored Cross-Site Scripting via the user-submitted-content parameter due to insufficient input sanitization and output...

7.2CVSS6.2AI score0.00363EPSS
Exploits0References10
osv
osv
added 2023/06/07 2:15 a.m.5 views

CVE-2019-25138

The User Submitted Posts plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uspcheckimages function in versions up to, and including, 20190312. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites...

9.8CVSS6.4AI score0.02326EPSS
Exploits1References3
cnnvd
cnnvd
added 2023/06/07 12:0 a.m.8 views

WordPress Plugin User Submitted Posts 代码问题漏洞

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. An arbitrary file upload vulnerability exists in the WordPress plugin User Submitted Posts, which is caused by incorrect validation of file...

9.8CVSS7.6AI score0.02326EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2023/06/07 12:0 a.m.7 views

PT-2023-11365 · WordPress · User Submitted Posts

Name of the Vulnerable Software and Affected Versions: User Submitted Posts plugin for WordPress versions up to, and including, 20190312 Description: The issue arises from missing file type validation in the usp check images function, allowing unauthenticated attackers to upload arbitrary files t...

9.8CVSS9.8AI score0.02326EPSS
Exploits1References5
cnvd
cnvd
added 2023/04/18 12:0 a.m.23 views

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. An arbitrary file upload vulnerability exists in the WordPress plugin User Submitted Posts, which is caused by incorrect validation of file extensions by the usp_check_images function. An attacker can exploit this vulnerability to upload malicious files and execute arbitrary code on a vulnerable system.

Bento4 is an open source C++ library for reading and writing MP4 files. A denial of service vulnerability exists in Bento4 version v1.6.0-639, which stems from the AP4TrunAtom::SetDataOffsetint function in Ap4TrunAtom.h containing a segmentation violation. An attacker can exploit this vulnerabili...

5.5CVSS6.5AI score0.00291EPSS
Exploits1References1
checkpoint_advisories
checkpoint_advisories
added 2022/11/21 12:0 a.m.6 views

Studio42 elFinder Directory Traversal (CVE-2022-26960)

A directory traversal vulnerability exists in elFinder. The vulnerability is due to insufficient validation of user submitted paths...

5.8CVSS3.3AI score0.50993EPSS
Exploits1
packetstorm
packetstorm
added 2022/08/01 12:0 a.m.354 views

WordPress SeatReg 1.23.0 Open Redirect

Exploit Title: WordPress Plugin ‘SeatReg’ - Unauthenticated Open Redirect Date: 01-08-2022 Exploit Author: Mariam Tariq - HunterSherlock Vendor Homepage: https://wordpress.org/plugins/seatreg/ Version: 1.23.0 Tested on: Firefox Contact me: [email protected] Description: An Open Redirection...

7.4AI score
Exploits0
cnvd
cnvd
added 2022/07/01 12:0 a.m.33 views

ThinkPHP deserialization vulnerability

ThinkPHP is a PHP-based, open-source, lightweight web application development framework from China Top Thinking Information Technology. thinkPHP v6.0.12 version has a deserialization vulnerability, which originates from the component vendorleagueflysystem-cached- adaptersrcStorageAbstractCache.ph...

9.8CVSS3.4AI score0.22306EPSS
Exploits1References1
cnvd
cnvd
added 2022/06/22 12:0 a.m.24 views

Microweber Cross-Site Scripting Vulnerability

Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A cross-site scripting vulnerability exists in Microweber versions prior to 1.2.17, whic...

6.5CVSS6AI score0.02907EPSS
Exploits1References1
openvas
openvas
added 2022/06/15 12:0 a.m.18 views

TYPO3 XSS Vulnerability (TYPO3-CORE-SA-2022-004)

TYPO3 is prone to a cross-site scripting XSS vulnerability in the Frontend Login Mailer. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5.4CVSS5.2AI score0.00717EPSS
Exploits0References1
Rows per page
Query Builder