29 matches found
CVE-2023-4971
The Weaver Xtreme Theme Support WordPress plugin before 6.3.1 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import a malicious file and a suitable gadget chain is present on the blog...
EUVD-2023-12355
Malicious code in bioql PyPI...
EUVD-2023-23658
Malicious code in bioql PyPI...
EUVD-2023-59182
Malicious code in bioql PyPI...
CVE-2023-1403
The Weaver Xtreme Theme for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 5.0.7. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary...
CVE-2023-0276
The Weaver Xtreme Theme Support WordPress plugin before 6.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
CVE-2023-6990
The Weaver Xtreme theme for WordPress is vulnerable to Stored Cross-Site Scripting via custom post meta in all versions up to, and including, 6.3.0 due to insufficient input sanitization and output escaping on user supplied meta page-head-code. This makes it possible for authenticated attackers...
WordPress Weaver Xtreme Theme Support plugin cross-site scripting vulnerability (CNVD-2024-26460)
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2024-4939
The Weaver Xtreme Theme Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's div shortcode in all versions up to, and including, 6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
CVE-2024-4939 Weaver Xtreme Theme Support <= 6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via div Shortcode
The Weaver Xtreme Theme Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's div shortcode in all versions up to, and including, 6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
WordPress Weaver Xtreme Theme Support Plugin <= 6.4 is vulnerable to Cross Site Scripting (XSS)
Software Weaver Xtreme Theme Support Type Plugin Vulnerable versions = 6.4 Fixed in 6.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4939 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID bb2346908882 Credits Peter Thaleikis...
CVE-2023-6990
The Weaver Xtreme theme for WordPress is vulnerable to Stored Cross-Site Scripting via custom post meta in all versions up to, and including, 6.3.0 due to insufficient input sanitization and output escaping on user supplied meta page-head-code. This makes it possible for authenticated attackers...
CVE-2023-4971
The Weaver Xtreme Theme Support WordPress plugin before 6.3.1 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import a malicious file and a suitable gadget chain is present on the blog...
Design/Logic Flaw
The Weaver Xtreme Theme Support WordPress plugin before 6.3.1 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import a malicious file and a suitable gadget chain is present on the blog...
CVE-2023-4971
CVE-2023-4971 affects the WordPress plugin Weaver Xtreme Theme Support prior to version 6.3.1. The root cause is unserialising the contents of an imported file, which could enable PHP object injection when a high-privilege user imports a malicious file and a suitable gadget chain is present on th...
CVE-2023-4971 Weaver Xtreme Theme Support < 6.3.1 - Admin+ PHP Object Injection
The Weaver Xtreme Theme Support WordPress plugin before 6.3.1 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import a malicious file and a suitable gadget chain is present on the blog...
Weaver Xtreme Theme Support < 6.3.1 - Admin+ PHP Object Injection
Description The plugin unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import a malicious file and a suitable gadget chain is present on the blog. PoC To simulate a gadget chain, put the following code in a plugin: class Te...
Weaver Xtreme Theme Support < 6.3.1 - Admin+ PHP Object Injection
Description The plugin unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import a malicious file and a suitable gadget chain is present on the blog. To simulate a gadget chain, put the following code in a plugin: class Test...
CVE-2023-1403
The Weaver Xtreme Theme for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 5.0.7. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary...
CVE-2023-1403
The Weaver Xtreme Theme for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 5.0.7. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary...