Lucene search
K

40 matches found

OSV
OSV
added 2023/12/15 4:15 p.m.3 views

CVE-2023-49747

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WebFactory Ltd Guest Author allows Stored XSS.This issue affects Guest Author: from n/a through 2.3...

5.4CVSS5.8AI score0.00374EPSS
Exploits0References1
Prion
Prion
added 2023/12/15 4:15 p.m.19 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WebFactory Ltd Guest Author allows Stored XSS.This issue affects Guest Author: from n/a through 2.3...

4.9CVSS6.9AI score0.00374EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/12/15 3:16 p.m.35 views

CVE-2023-49747 WordPress Guest Author Plugin <= 2.3 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WebFactory Ltd Guest Author allows Stored XSS.This issue affects Guest Author: from n/a through 2.3...

5.9CVSS5.9AI score0.00374EPSS
Exploits0References1
CVE
CVE
added 2023/12/15 3:16 p.m.74 views

CVE-2023-49747

CVE-2023-49747 refers to a Stored XSS in the WordPress plugin Guest Author (WebFactory Ltd) up to version 2.3. The vulnerability arises from improper neutralization of input during web page generation (author name), enabling injected scripts when users view pages. Public reports from Red Hat and ...

5.9CVSS6.7AI score0.00374EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/12/15 12:0 a.m.6 views

PT-2023-31323 · Webfactory · Guest Author

Name of the Vulnerable Software and Affected Versions: WebFactory Ltd Guest Author versions n/a through 2.3 Description: The issue is related to improper neutralization of input during web page generation, which allows stored cross-site scripting XSS. This means an attacker can inject malicious...

5.9CVSS5.9AI score0.00374EPSS
Exploits0References6
Patchstack
Patchstack
added 2023/11/24 12:0 a.m.15 views

WordPress Captcha Code Plugin <= 2.9 is vulnerable to Bypass Vulnerability

Software Captcha Code Type Plugin Vulnerable versions = 2.9 Fixed in 3.0 OWASP Top 10 A5: Security Misconfiguration Classification Bypass Vulnerability CVE CVE-2023-48745 Patch priority Low CVSS severity Low 5.3 Developer WebFactory Ltd. PSID c2ae3ab19d4d Credits qilin99 Required privilege...

5.3CVSS7AI score0.00352EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/07/27 12:0 a.m.16 views

WordPress Simple Author Box Plugin < 2.52 is vulnerable to Insecure Direct Object References (IDOR)

Software Simple Author Box Type Plugin Vulnerable versions 2.52 Fixed in 2.52 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-3601 Patch priority Low CVSS severity Low 6.5 Developer WebFactory Ltd. PSID c55453b38919 Credits Dmitriy Require...

4.3CVSS6.8AI score0.0043EPSS
Exploits2References4Affected Software1
Patchstack
Patchstack
added 2023/07/19 12:0 a.m.8 views

WordPress Simple Author Box Plugin <= 2.3.22 is vulnerable to Cross Site Scripting (XSS)

Software Simple Author Box Type Plugin Vulnerable versions = 2.3.22 Fixed in 2.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer WebFactory Ltd. PSID a31be070f305 Credits Rafie Muhammad Patchstack Required...

6.1AI score0.00284EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2023/05/12 12:0 a.m.9 views

WordPress Easy Hide Login Plugin <= 1.0.8 is vulnerable to Cross Site Request Forgery (CSRF)

Software Easy Hide Login Type Plugin Vulnerable versions = 1.0.8 Fixed in 1.0.9 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-31075 Patch priority Low CVSS severity Low 5.4 Developer WebFactory Ltd. PSID bee255c46b58 Credits konagash Required...

8.8CVSS6.7AI score0.00312EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/05/09 12:0 a.m.13 views

WordPress Easy Hide Login Plugin <= 1.0.7 is vulnerable to Cross Site Scripting (XSS)

Software Easy Hide Login Type Plugin Vulnerable versions = 1.0.7 Fixed in 1.0.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32505 Patch priority Low CVSS severity Low 5.9 Developer WebFactory Ltd. PSID 8942bd6e08ac Credits Rio Darmawan Required...

5.9CVSS5.8AI score0.00396EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/03/09 12:0 a.m.7 views

WordPress 301 Redirects Plugin <= 2.72 is vulnerable to Cross Site Request Forgery (CSRF)

Software 301 Redirects Type Plugin Vulnerable versions = 2.72 Fixed in 2.73 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE N/A Patch priority Low CVSS severity Low 4.3 Developer WebFactory Ltd. PSID 87fea3b40751 Credits Unknown Required privilege...

7AI score
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/11/01 12:0 a.m.3 views

PT-2022-24190 · Unknown · Webfactory Under Construction Plugin

Name of the Vulnerable Software and Affected Versions: WebFactory Under Construction Plugin affected versions not specified Description: A problematic vulnerability has been found in the WebFactory Under Construction Plugin, affecting the Plugin Setting Handler component. This issue leads to...

5.7AI score
Exploits0References4
OSV
OSV
added 2021/11/18 3:15 p.m.5 views

CVE-2021-36908

Cross-Site Request Forgery CSRF vulnerability in WebFactory Ltd. WP Reset PRO plugin = 5.98 versions...

8.8CVSS5.8AI score0.00685EPSS
Exploits1References2
NVD
NVD
added 2021/11/18 3:15 p.m.14 views

CVE-2021-36908

Cross-Site Request Forgery CSRF vulnerability in WebFactory Ltd. WP Reset PRO plugin = 5.98 versions...

8.8CVSS0.00685EPSS
Exploits1References2
Prion
Prion
added 2021/11/18 3:15 p.m.15 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in WebFactory Ltd. WP Reset PRO plugin = 5.98 versions...

6.8CVSS8.7AI score0.00685EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2021/11/18 2:37 p.m.3 views

CVE-2021-36908 WordPress WP Reset PRO Premium Plugin <= 5.98 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in WebFactory Ltd. WP Reset PRO plugin = 5.98 versions...

8.8CVSS9AI score0.00685EPSS
Exploits1References2
Cvelist
Cvelist
added 2021/11/18 2:37 p.m.19 views

CVE-2021-36908 WordPress WP Reset PRO Premium Plugin <= 5.98 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in WebFactory Ltd. WP Reset PRO plugin = 5.98 versions...

8.8CVSS9.1AI score0.00685EPSS
Exploits1References2
CVE
CVE
added 2021/11/18 2:37 p.m.58 views

CVE-2021-36908

The CVE-2021-36908 affects WebFactory Ltd. WP Reset PRO plugin for WordPress, specifically versions

8.8CVSS8.9AI score0.00685EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2021/11/18 12:0 a.m.5 views

PT-2021-21401 · Webfactory · Wp Reset Pro

Name of the Vulnerable Software and Affected Versions: WebFactory Ltd. WP Reset PRO plugin versions = 5.98 Description: A Cross-Site Request Forgery CSRF issue affects the WebFactory Ltd. WP Reset PRO plugin. This type of issue allows an attacker to perform unintended actions on a user's behalf...

8.8CVSS8.6AI score0.00685EPSS
Exploits1References4
OSV
OSV
added 2020/09/02 5:29 p.m.78 views

GHSA-754H-5R27-7X3R RCE in Symfony

Description ----------- The CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was initially written with surroga...

8CVSS8.7AI score0.03043EPSS
Exploits0References11
Rows per page
Query Builder