CVE-2024-50447 WordPress Envo's Elementor Templates & Widgets for WooCommerce plugin <= 1.4.19 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in EnvoThemes Envo's Elementor Templates & Widgets for WooCommerce envo-elementor-for-woocommerce allows Stored XSS. This issue affects Envo's Elementor Templates & Widgets for WooCommerce: from n/a...
WordPress plugin Elementor Templates & Widgets for WooCommerce cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
PT-2024-34214 · Unknown · Astra Widgets
Name of the Vulnerable Software and Affected Versions: Astra Widgets versions 1.2.14 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendations: For...
WordPress plugin Astra Widgets cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...
WordPress Astra Widgets plugin <= 1.2.14 - Stored Cross Site Scripting (XSS) vulnerability
Stored Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Astra Widgets versions <= 1.2.14...
WordPress Astra Widgets Plugin <= 1.2.14 is vulnerable to Cross Site Scripting (XSS)
Software Astra Widgets Type Plugin Vulnerable versions <= 1.2.14 Fixed in 1.2.15 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50439 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID aae8162e86d9 Credits João Pedro S Alcântara Kinorth Require...
CVE-2024-49614
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in SermonAudio SermonAudio Widgets sermonaudio-widgets allows SQL Injection. This issue affects SermonAudio Widgets: from n/a through <= 1.9.3...
CVE-2024-49614
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Dan Alexander SermonAudio Widgets allows SQL Injection. This issue affects SermonAudio Widgets: from n/a through 1.9.3...
CVE-2024-49614 WordPress SermonAudio Widgets plugin <= 1.9.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Dan Alexander SermonAudio Widgets allows SQL Injection. This issue affects SermonAudio Widgets: from n/a through 1.9.3...
CVE-2024-49614
CVE-2024-49614 is a SQL Injection vulnerability in the WordPress plugin SermonAudio Widgets. The issue affects versions listed as “n/a through 1.9.3” and stems from improper neutralization of special elements used in SQL commands. Public references describe the vulnerability but do not provide c...
CVE-2024-49614 WordPress SermonAudio Widgets plugin <= 1.9.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in SermonAudio SermonAudio Widgets sermonaudio-widgets allows SQL Injection. This issue affects SermonAudio Widgets: from n/a through <= 1.9.3...
WordPress plugin SermonAudio Widgets SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
PT-2024-33569 · Dan Alexander · Sermonaudio Widgets
Name of the Vulnerable Software and Affected Versions: Dan Alexander SermonAudio Widgets versions n/a through 1.9.3 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection,...
WordPress SermonAudio Widgets plugin <= 1.9.3 - SQL Injection vulnerability
SQL Injection vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin SermonAudio Widgets versions <= 1.9.3...
WordPress SermonAudio Widgets Plugin <= 1.9.3 is vulnerable to SQL Injection
Software SermonAudio Widgets Type Plugin Vulnerable versions <= 1.9.3 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-49614 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID b36bd1fd3f06 Credits João Pedro S Alcântara Kinorth Required privile...
CVE-2024-47312
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Grim Classic Editor and Classic Widgets classic-editor-and-classic-widgets allows SQL Injection. This issue affects Classic Editor and Classic Widgets: from n/a through <= 1.4.1...
CVE-2024-47312 WordPress Classic Editor and Classic Widgets plugin <= 1.4.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Grim Classic Editor and Classic Widgets classic-editor-and-classic-widgets allows SQL Injection. This issue affects Classic Editor and Classic Widgets: from n/a through <= 1.4.1...
CVE-2024-47312
CVE-2024-47312: SQL Injection in WordPress plugins “Classic Editor” and “Classic Widgets” (WPGrim) up to version 1.4.1. Root cause: improper neutralization of input in SQL queries, enabling attacker-controlled SQL when authenticated as a Subscriber. Affected: Classic Editor and Classic Widgets (...
SUSE CVE-2024-47779
Element is a Matrix web client built using the Matrix React SDK. Element Web versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally,...