8 matches found
EUVD-2023-12355
Malicious code in bioql PyPI...
WordPress Weaver Xtreme Theme Support plugin cross-site scripting vulnerability (CNVD-2024-26460)
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2024-4939
The Weaver Xtreme Theme Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's div shortcode in all versions up to, and including, 6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
CVE-2023-4971
CVE-2023-4971 affects the WordPress plugin Weaver Xtreme Theme Support prior to version 6.3.1. The root cause is unserialising the contents of an imported file, which could enable PHP object injection when a high-privilege user imports a malicious file and a suitable gadget chain is present on th...
CVE-2023-4971 Weaver Xtreme Theme Support < 6.3.1 - Admin+ PHP Object Injection
The Weaver Xtreme Theme Support WordPress plugin before 6.3.1 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import a malicious file and a suitable gadget chain is present on the blog...
CVE-2023-0276 Weaver Xtreme Theme Support < 6.2.7 - Contributor+ Stored XSS
The Weaver Xtreme Theme Support WordPress plugin before 6.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
PT-2023-16134 · WordPress · Weaver Xtreme Theme Support
Name of the Vulnerable Software and Affected Versions: Weaver Xtreme Theme Support WordPress plugin versions prior to 6.2.7 Description: The issue concerns a lack of validation and escaping of certain shortcode attributes, which could allow users with the contributor role and above to perform...
WordPress Weaver Xtreme Theme Support Plugin <= 5.0.2 is vulnerable to Cross Site Scripting (XSS)
Software Weaver Xtreme Theme Support Type Plugin Vulnerable versions = 5.0.2 Fixed in 6.2.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 7fef1f764ecf Credits Unknown Required...