2027 matches found
CVE-2024-5901
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid widget in all versions up to, and including, 1.62.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-5901
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid widget in all versions up to, and including, 1.62.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-5901
CVE-2024-5901 affects SiteOrigin Widgets Bundle (WordPress) up to version 1.62.2. It is a Stored Cross-Site Scripting vulnerability in the Image Grid widget caused by insufficient input sanitization and output escaping on user-supplied attributes. Exploitation requires at least contributor-level ...
WordPress SiteOrigin Widgets Bundle plugin <= 1.62.2 - Authenticated (Contributor+) Stored Cross-Site Scripting in Image Grid widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting in Image Grid widget vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin SiteOrigin Widgets Bundle versions = 1.62.2...
WordPress SiteOrigin Widgets Bundle Plugin <= 1.62.2 is vulnerable to Cross Site Scripting (XSS)
Software SiteOrigin Widgets Bundle Type Plugin Vulnerable versions = 1.62.2 Fixed in 1.62.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5901 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ee6a602a0665 Credits Ngô Thiên An...
WordPress plugin SiteOrigin Widgets Bundle 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2024-37235 · WordPress · Siteorigin Widgets Bundle
Name of the Vulnerable Software and Affected Versions: SiteOrigin Widgets Bundle plugin for WordPress versions up to, and including, 1.62.2 Description: The issue is related to Stored Cross-Site Scripting via the Image Grid widget due to insufficient input sanitization and output escaping on...
phpIPAM 安全漏洞
phpIPAM is the phpIPAM open source suite of open source PHP and MySQL based IP address management applications IPAM. A security vulnerability exists in phpIPAM version 1.6, which stems from a cross-site scripting vulnerability contained in the /app/admin/widgets/edit.php file...
[SECURITY] Fedora 39 Update: gtk3-3.24.43-1.fc39
GTK+ is a multi-platform toolkit for creating graphical user interfaces. Offering a complete set of widgets, GTK+ is suitable for projects ranging from small one-off tools to complete application suites. This package contains version 3 of GTK+...
CVE-2024-37918
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPCone ConeBlog – WordPress Blog Widgets coneblog-widgets.This issue affects ConeBlog – WordPress Blog Widgets: from n/a through = 1.4.8...
CVE-2024-37918
CVE-2024-37918 affects ConeBlog – WordPress Blog Widgets (ConeBlog Widgets) for WordPress. Described as an stored XSS due to Improper Neutralization of Input During Web Page Generation, impacting ConeBlog Widgets versions from n/a through 1.4.8. The connected records confirm the same vulnerabilit...
PT-2024-27823 · WordPress · Coneblog – Wordpress Blog Widgets
Name of the Vulnerable Software and Affected Versions: ConeBlog – WordPress Blog Widgets versions 1.4.8 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks...
CVE-2023-7268
The ArtPlacer Widget WordPress plugin before 2.21.2 does not have authorisation check in place when deleting widgets, allowing ay authenticated users, such as subscriber, to delete arbitrary widgets...
CVE-2023-7268 ArtPlacer Widget < 2.21.2 - Subscriber+ Arbitrary Widget Deletion
The ArtPlacer Widget WordPress plugin before 2.21.2 does not have authorisation check in place when deleting widgets, allowing ay authenticated users, such as subscriber, to delete arbitrary widgets...
CVE-2024-38715
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in ExS ExS Widgets allows PHP Local File Inclusion.This issue affects ExS Widgets: from n/a through 0.3.1...
CVE-2024-38715 WordPress ExS Widgets plugin <= 0.3.1 - Local File Inclusion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in ExS ExS Widgets allows PHP Local File Inclusion.This issue affects ExS Widgets: from n/a through 0.3.1...
CVE-2024-38715 WordPress ExS Widgets plugin <= 0.3.1 - Local File Inclusion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in ExS ExS Widgets allows PHP Local File Inclusion.This issue affects ExS Widgets: from n/a through 0.3.1...
CVE-2024-38715
CVE-2024-38715 is an ExS Widgets vulnerability described as an improper limitation of a pathname enabling PHP Local File Inclusion (LFI). The vulnerability affects ExS Widgets versions up to and including 0.3.1, as reported in Red Hat and security trackers, and is associated with path traversal t...
WordPress plugin ExS Widgets path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...
WordPress ExS Widgets plugin <= 0.3.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin ExS Widgets versions = 0.3.1...