42 matches found
CVE-2016-10919
The wassup plugin before 1.9.1 for WordPress has XSS via the Top stats widget or the wassupURI::addsiteurl method, a different vulnerability than CVE-2012-2633...
EUVD-2008-0530
Malware in sbrugna...
EUVD-2016-1913
Malware in sbrugna...
EUVD-2012-2619
Malware in sbrugna...
EUVD-2023-57946
Malicious code in bioql PyPI...
CVE-2023-5653
The WassUp Real Time Analytics WordPress plugin through 1.9.4.5 does not escape IP address provided via some headers before outputting them back in an admin page, allowing unauthenticated users to perform Stored XSS attacks against logged in admins...
Malicious code in wassup-shiva (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a0899fc457c77b483e51bf66f4a0c586cfa9ad8c89be4ae2541efd3bc435a09d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-9258 Malicious code in wassup-shiva (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a0899fc457c77b483e51bf66f4a0c586cfa9ad8c89be4ae2541efd3bc435a09d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-5653
The WassUp Real Time Analytics WordPress plugin through 1.9.4.5 does not escape IP address provided via some headers before outputting them back in an admin page, allowing unauthenticated users to perform Stored XSS attacks against logged in admins...
CVE-2023-5653
The WassUp Real Time Analytics WordPress plugin through 1.9.4.5 does not escape IP address provided via some headers before outputting them back in an admin page, allowing unauthenticated users to perform Stored XSS attacks against logged in admins...
Cross site scripting
The WassUp Real Time Analytics WordPress plugin through 1.9.4.5 does not escape IP address provided via some headers before outputting them back in an admin page, allowing unauthenticated users to perform Stored XSS attacks against logged in admins...
CVE-2023-5653
CVE-2023-5653 afectar WassUp Real Time Analytics WordPress plugin
PT-2023-32239 · WordPress · Wassup Real Time Analytics
Name of the Vulnerable Software and Affected Versions: WassUp Real Time Analytics WordPress plugin versions 1.9.4.5 and earlier Description: The issue allows unauthenticated users to perform Stored XSS attacks against logged in admins. This is due to the plugin not escaping IP address provided vi...
WordPress plugin WassUp Real Time Analytics security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability in the WordPress...
WassUp Real Time Analytics <= 1.9.4.5 - Unauthenticated Stored XSS
Description The plugin does not escape IP address provided via some headers before outputting them back in an admin page, allowing unauthenticated users to perform Stored XSS attacks against logged in admins wget --header="X-Forwarded-For: " https://example.com -q -O- The XSS will be triggered wh...
PHP Library Remote Code Execution Vulnerability
Several PHP compatibility libraries contain a potential remote code execution flaw in their jsondecode function based on having copy pasted existing vulnerable code. Affected components include the WassUp Realtime analytics WordPress plugin, AjaXplorer Core, and more. JAHx221 - RCE in copy/pasted...
WordPress wassup plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. wassup is a plugin for real-time statistical analysis of site visits. A cross-site scripting vulnerability exists in the WordPress...
CVE-2016-10919
The wassup plugin before 1.9.1 for WordPress has XSS via the Top stats widget or the wassupURI::addsiteurl method, a different vulnerability than CVE-2012-2633...
CVE-2016-10919
The wassup plugin before 1.9.1 for WordPress has XSS via the Top stats widget or the wassupURI::addsiteurl method, a different vulnerability than CVE-2012-2633...
CVE-2016-10919
The vulnerability CVE-2016-10919 affects the WordPress WassUp Real Time Analytics plugin (versions before 1.9.1). It allows stored or reflected XSS via the Top stats widget or the wassupURI::add_siteurl method, enabling an attacker to inject arbitrary script when the affected plugin renders conte...