13 matches found
EUVD-2023-25618
Malicious code in bioql PyPI...
PT-2025-22826 · WordPress · Pagelayer
Name of the Vulnerable Software and Affected Versions: The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress versions prior to 2.0.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's Button widget due to insufficient input sanitization an...
CVE-2023-21450
Missing Authorization vulnerability in One Hand Operation + prior to version 6.1.21 allows multi-users to access owner's widget without authorization via gesture setting...
PT-2025-9158 · WordPress · The Page Builder By Siteorigin
Name of the Vulnerable Software and Affected Versions: The Page Builder by SiteOrigin plugin for WordPress versions up to, and including, 2.31.4 Description: The issue is related to Stored Cross-Site Scripting via the Embedded VideoPB widget due to insufficient input sanitization and output...
PT-2024-39052 · WordPress · Phlox
Name of the Vulnerable Software and Affected Versions: Shortcodes and extra features for Phlox theme plugin for WordPress versions up to, and including, 2.16.3 Description: The issue is related to Stored Cross-Site Scripting via the url parameter in the Modern Heading and Icon Picker widgets. Thi...
PT-2024-19018 · WordPress · Vk All In One Expansion Unit
Name of the Vulnerable Software and Affected Versions: VK All in One Expansion Unit plugin for WordPress versions up to, and including, 9.96.0.1 Description: The issue is related to Stored Cross-Site Scripting via the child page index widget due to insufficient input sanitization and output...
PT-2024-20776 · Liferay · Liferay Dxp +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.2.0 through 7.3.6 Liferay DXP 7.3 before service pack 3 Liferay DXP 7.2 before fix pack 13 Description: The Document and Media widget in Liferay Portal does not limit resource consumption when generating a preview...
PT-2024-15125 · 10Web · The Photo Gallery By 10Web
Name of the Vulnerable Software and Affected Versions: The Photo Gallery by 10Web plugin for WordPress versions up to, and including, 1.8.18 Description: The issue is related to Stored Cross-Site Scripting via widgets due to insufficient input sanitization and output escaping on user-supplied...
CVE-2023-21450
Missing Authorization vulnerability in One Hand Operation + prior to version 6.1.21 allows multi-users to access owner's widget without authorization via gesture setting...
SAMSUNG Mobile devices 安全漏洞
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc. from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices prior to version 6.1.21, which stems from an Authorization Default vulnerability that can be...
CVE-2023-21450
Missing Authorization vulnerability in One Hand Operation + prior to version 6.1.21 allows multi-users to access owner's widget without authorization via gesture setting...
CVE-2023-21450
Missing Authorization vulnerability in One Hand Operation + prior to version 6.1.21 allows multi-users to access owner's widget without authorization via gesture setting...
Cross-Site Request Forgery(CSRF)
Wordpress is vulnerable to cross-site request forgery CSRF attacks. The attacks can be launched because wp-admin/includes/class-wp-screen.php and wp-admin/widgets.php have flaws, allowing the widget-access action requests to be hijacked by the attackers...