11 matches found
WordPress Steel Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)
Software Steel Type Plugin Vulnerable versions = 1.3.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10147 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1c80ca24b74c Credits Francesco Carlucci Required privile...
WordPress Mobile Kiosk Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)
Software Mobile Kiosk Type Plugin Vulnerable versions = 1.3.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51829 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7924bf5d9424 Credits SOPROBRO Required privilege Contributor...
WordPress HT Builder – WordPress Theme Builder for Elementor Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)
Software HT Builder – WordPress Theme Builder for Elementor Type Plugin Vulnerable versions = 1.3.0 Fixed in 1.3.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51682 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0f85ba0467c8 Credits Gab...
WordPress Penci Soledad Data Migrator Plugin <= 1.3.0 is vulnerable to Local File Inclusion
Software Penci Soledad Data Migrator Type Plugin Vulnerable versions = 1.3.0 Fixed in 1.3.1 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-3551 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 00732af89875 Credits M.Awad Required privilege...
WordPress Custom WooCommerce Checkout Fields Editor Plugin <= 1.3.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software Custom WooCommerce Checkout Fields Editor Type Plugin Vulnerable versions = 1.3.0 Fixed in 1.3.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-30518 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1753adeaf82a...
CVE-2023-48903
Stored Cross-Site Scripting XSS vulnerability in tramyardg autoexpress 1.3.0, allows remote unauthenticated attackers to inject arbitrary web script or HTML within parameter "imgType" via in uploadCarImages.php...
PT-2024-10075 · Typogrify · Typogrify
Name of the Vulnerable Software and Affected Versions: Typogrify versions 0.0.0 through 1.3.0 Description: The issue is related to improper neutralization of input during web page generation, which allows for Cross-Site Scripting XSS. This can be exploited by a remote attacker to conduct an XSS...
WordPress ARI Stream Quiz Plugin <= 1.3.0 is vulnerable to PHP Object Injection
Software ARI Stream Quiz Type Plugin Vulnerable versions = 1.3.0 Fixed in 1.3.1 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2023-52182 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID c9a4f35de1f1 Credits Rafie Muhammad Patchstack Required...
WordPress Contact Form Entries Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)
Software Contact Form Entries Type Plugin Vulnerable versions = 1.3.0 Fixed in 1.3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-33311 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID eead2c1f0998 Credits Rafie Muhammad...
WordPress Video Central Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)
Software Video Central Type Plugin Vulnerable versions = 1.3.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0418 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 6114cbd9fcb5 Credits Lana Codes Required...
Grav CMS system/src/Grav/Common/Twig/Twig.php file cross-site scripting vulnerability
Grav CMS is a scalable CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. A cross-site scripting vulnerability exists in the system/src/Grav/Common/Twig/Twig.php file in Grav CMS version 1.3.0. A remote attacker can inject...