6 matches found
WordPress Seven Stars theme <= 1.4.4 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery CSRF Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Seven Stars versions = 1.4.4...
@quasar/quasar-app-extension-qmarkdown (>=1.0.0 <=1.4.4), @sourcedigital/jsonforms-vue2-quasar-v1 (>=0.1.3 <=0.1.5) +8 more potentially affected by CVE-2025-43954 via @quasar/quasar-ui-qmarkdown (=1.4.4)
@quasar/quasar-ui-qmarkdown NPM version =1.4.4 is affected by a known vulnerability. The following packages have a transitive dependency on @quasar/quasar-ui-qmarkdown and may be impacted: - @quasar/quasar-app-extension-qmarkdown =1.0.0, =0.1.3, =0.0.1, =0.10.7, =0.0.1, =0.0.3, =0.0.1, =0.10.2,...
WordPress Slickstream Plugin <= 1.4.4 is vulnerable to Cross Site Scripting (XSS)
Software Slickstream Type Plugin Vulnerable versions = 1.4.4 Fixed in 2.0.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10179 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 483fb63a8894 Credits Peter Thaleikis Required...
WordPress Open Graph Metabox Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software Open Graph Metabox Type Plugin Vulnerable versions = 1.4.4 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-46191 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 7aa3a95b4491 Credits LEE SE HYOUNG...
WordPress WooVIP – Membership plugin for WordPress and WooCommerce Plugin <= 1.4.4 is vulnerable to Server Side Request Forgery (SSRF)
Software WooVIP – Membership plugin for WordPress and WooCommerce Type Plugin Vulnerable versions = 1.4.4 Fixed in N/A OWASP Top 10 A1: Injection Classification Server Side Request Forgery SSRF CVE CVE-2022-40700 Patch priority Low CVSS severity Low 8.2 Developer Claim ownership PSID f21710078bd7...
UBUNTU-CVE-2020-8124
Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks...