40 matches found
CVE-2023-49747
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WebFactory Ltd Guest Author allows Stored XSS.This issue affects Guest Author: from n/a through 2.3...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WebFactory Ltd Guest Author allows Stored XSS.This issue affects Guest Author: from n/a through 2.3...
CVE-2023-49747 WordPress Guest Author Plugin <= 2.3 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WebFactory Ltd Guest Author allows Stored XSS.This issue affects Guest Author: from n/a through 2.3...
CVE-2023-49747
CVE-2023-49747 refers to a Stored XSS in the WordPress plugin Guest Author (WebFactory Ltd) up to version 2.3. The vulnerability arises from improper neutralization of input during web page generation (author name), enabling injected scripts when users view pages. Public reports from Red Hat and ...
PT-2023-31323 · Webfactory · Guest Author
Name of the Vulnerable Software and Affected Versions: WebFactory Ltd Guest Author versions n/a through 2.3 Description: The issue is related to improper neutralization of input during web page generation, which allows stored cross-site scripting XSS. This means an attacker can inject malicious...
WordPress Captcha Code Plugin <= 2.9 is vulnerable to Bypass Vulnerability
Software Captcha Code Type Plugin Vulnerable versions = 2.9 Fixed in 3.0 OWASP Top 10 A5: Security Misconfiguration Classification Bypass Vulnerability CVE CVE-2023-48745 Patch priority Low CVSS severity Low 5.3 Developer WebFactory Ltd. PSID c2ae3ab19d4d Credits qilin99 Required privilege...
WordPress Simple Author Box Plugin < 2.52 is vulnerable to Insecure Direct Object References (IDOR)
Software Simple Author Box Type Plugin Vulnerable versions 2.52 Fixed in 2.52 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-3601 Patch priority Low CVSS severity Low 6.5 Developer WebFactory Ltd. PSID c55453b38919 Credits Dmitriy Require...
WordPress Simple Author Box Plugin <= 2.3.22 is vulnerable to Cross Site Scripting (XSS)
Software Simple Author Box Type Plugin Vulnerable versions = 2.3.22 Fixed in 2.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer WebFactory Ltd. PSID a31be070f305 Credits Rafie Muhammad Patchstack Required...
WordPress Easy Hide Login Plugin <= 1.0.8 is vulnerable to Cross Site Request Forgery (CSRF)
Software Easy Hide Login Type Plugin Vulnerable versions = 1.0.8 Fixed in 1.0.9 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-31075 Patch priority Low CVSS severity Low 5.4 Developer WebFactory Ltd. PSID bee255c46b58 Credits konagash Required...
WordPress Easy Hide Login Plugin <= 1.0.7 is vulnerable to Cross Site Scripting (XSS)
Software Easy Hide Login Type Plugin Vulnerable versions = 1.0.7 Fixed in 1.0.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32505 Patch priority Low CVSS severity Low 5.9 Developer WebFactory Ltd. PSID 8942bd6e08ac Credits Rio Darmawan Required...
WordPress 301 Redirects Plugin <= 2.72 is vulnerable to Cross Site Request Forgery (CSRF)
Software 301 Redirects Type Plugin Vulnerable versions = 2.72 Fixed in 2.73 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE N/A Patch priority Low CVSS severity Low 4.3 Developer WebFactory Ltd. PSID 87fea3b40751 Credits Unknown Required privilege...
PT-2022-24190 · Unknown · Webfactory Under Construction Plugin
Name of the Vulnerable Software and Affected Versions: WebFactory Under Construction Plugin affected versions not specified Description: A problematic vulnerability has been found in the WebFactory Under Construction Plugin, affecting the Plugin Setting Handler component. This issue leads to...
CVE-2021-36908
Cross-Site Request Forgery CSRF vulnerability in WebFactory Ltd. WP Reset PRO plugin = 5.98 versions...
CVE-2021-36908
Cross-Site Request Forgery CSRF vulnerability in WebFactory Ltd. WP Reset PRO plugin = 5.98 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in WebFactory Ltd. WP Reset PRO plugin = 5.98 versions...
CVE-2021-36908 WordPress WP Reset PRO Premium Plugin <= 5.98 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in WebFactory Ltd. WP Reset PRO plugin = 5.98 versions...
CVE-2021-36908 WordPress WP Reset PRO Premium Plugin <= 5.98 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in WebFactory Ltd. WP Reset PRO plugin = 5.98 versions...
CVE-2021-36908
The CVE-2021-36908 affects WebFactory Ltd. WP Reset PRO plugin for WordPress, specifically versions
PT-2021-21401 · Webfactory · Wp Reset Pro
Name of the Vulnerable Software and Affected Versions: WebFactory Ltd. WP Reset PRO plugin versions = 5.98 Description: A Cross-Site Request Forgery CSRF issue affects the WebFactory Ltd. WP Reset PRO plugin. This type of issue allows an attacker to perform unintended actions on a user's behalf...
GHSA-754H-5R27-7X3R RCE in Symfony
Description ----------- The CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was initially written with surroga...