21 matches found
EUVD-2024-34521
Malicious code in bioql PyPI...
CVE-2024-33941
Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder.This issue affects iPanorama 360 WordPress Virtual Tour Builder: from n/a through 1.8.1...
CVE-2024-38690
Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects iPanorama 360 WordPress Virtual Tour Builder: from n/a through 1.8.3...
CVE-2024-38690
CVE-2024-38690 corresponds to a Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder. Connected sources confirm the issue affects WordPress plugin versions 1.8.3 and earlier and describe a broken access-control scheme that allows accessing functionality not ...
WordPress plugin iPanorama 360 WordPress Virtual Tour Builder 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress iPanorama 360 WordPress Virtual Tour Builder Plugin <= 1.8.3 is vulnerable to Broken Access Control
Software iPanorama 360 WordPress Virtual Tour Builder Type Plugin Vulnerable versions = 1.8.3 Fixed in 1.8.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-38690 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 070f425a0f60 Credits...
iPanorama 360 WordPress Virtual Tour Builder < 1.8.2 - Missing Authorization
Description The iPanorama 360 WordPress Virtual Tour Builder plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on a REST API endpoint in versions up to, and including, 1.8.1. This makes it possible for unauthenticated attackers to view deactivated...
CVE-2024-33941
Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder.This issue affects iPanorama 360 WordPress Virtual Tour Builder: from n/a through 1.8.1...
CVE-2024-33941
CVE-2024-33941: Missing Authorization in iPanorama 360 WordPress Virtual Tour Builder (lite) for WordPress plugin, affecting versions from n/a through 1.8.1. Connected sources confirm this as a Missing Authorization vulnerability; Red Hat Entry and Wordfence report patched status. No specific exp...
WordPress plugin iPanorama 360 WordPress Virtual Tour Builder 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress iPanorama 360 WordPress Virtual Tour Builder Plugin <= 1.8.1 is vulnerable to Broken Access Control
Software iPanorama 360 WordPress Virtual Tour Builder Type Plugin Vulnerable versions = 1.8.1 Fixed in 1.8.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33941 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 3a0c2aa84662 Credits...
CVE-2023-5336
The iPanorama 360 – WordPress Virtual Tour Builder plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
WordPress iPanorama 360 WordPress Virtual Tour Builder Plugin <= 1.8.0 is vulnerable to SQL Injection
Software iPanorama 360 WordPress Virtual Tour Builder Type Plugin Vulnerable versions = 1.8.0 Fixed in 1.8.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5336 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 25ea3eb9ee79 Credits István Márton Require...
WordPress plugin WP VR - 360 Panorama and Virtual Tour Builder For WordPress Cross Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin WP VR - 360 Panorama...
WordPress iPanorama 360 WordPress Virtual Tour Builder Plugin < 1.8.0 is vulnerable to SQL Injection
Software iPanorama 360 WordPress Virtual Tour Builder Type Plugin Vulnerable versions 1.8.0 Fixed in 1.8.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE N/A Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID fc24718ff856 Credits Unknown Required privilege...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Rextheme WP VR – 360 Panorama and Virtual Tour Builder For WordPress plugin = 8.2.7 versions...
CVE-2022-4392
The iPanorama 360 WordPress Virtual Tour Builder plugin through 1.6.29 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
Cross site scripting
The iPanorama 360 WordPress Virtual Tour Builder plugin through 1.6.29 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-4392
Product : iPanorama 360 WordPress Virtual Tour Builder plugin (= 1.6.30) or apply vendor advisories/workarounds. Notes : Public PoCs exist demonstrating the Stored XSS behavior; exploitation details are documented in multiple sources (e.g., WPScan, PT Security, Red Hat CVE pages).
WordPress Plugin iPanorama 360 WordPress Virtual Tour Builder 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...