27 matches found
EUVD-2023-55612
Malicious code in bioql PyPI...
CVE-2025-7444
CVE-2025-7444 affects LoginPress Pro for WordPress. Versions up to and including 5.0.1 suffer an authentication bypass due to insufficient verification of the user returned by the social login token, enabling unauthenticated attackers to log in as any existing user (e.g., administrator) if they h...
CVE-2025-7444 LoginPress Pro <= 5.0.1 - Authentication Bypass via WordPress.com OAuth provider
The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.0.1. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing...
CVE-2024-10858
The Jetpack WordPress plugin before 14.1 does not properly check the postMessage origin in its 13.x versions, allowing the check to be bypassed and leading to DOM-XSS. The issue only affects websites hosted on WordPress.com...
CVE-2024-10858 Jetpack 13.0-14.0 - Unauthenticated DOM-XSS
The Jetpack WordPress plugin before 14.1 does not properly check the postMessage origin in its 13.x versions, allowing the check to be bypassed and leading to DOM-XSS. The issue only affects websites hosted on WordPress.com...
CVE-2024-10858
CVE-2024-10858 concerns the Jetpack WordPress plugin (versions 13.x and earlier, with 14.1 as the fixed release). The root cause is improper validation of the postMessage origin, enabling a DOM-based cross-site scripting (XSS) bypass. Impact is DOM-XSS on affected sites, with notes indicating the...
PT-2024-16597 · WordPress · Jetpack
Name of the Vulnerable Software and Affected Versions: Jetpack WordPress plugin versions prior to 14.1. Description: The issue is related to the Jetpack WordPress plugin not properly checking the postMessage origin in its 13.x versions, allowing the check to be bypassed and leading to DOM-XSS. The proble...
Cross site scripting
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WordPress.com Editing Toolkit allows Stored XSS. This issue affects WordPress.com Editing Toolkit: from n/a through 3.78784...
CVE-2023-50879
CVE-2023-50879 is a stored XSS in WordPress.com Editing Toolkit (Automattic WordPress.com Editing Toolkit) disclosed as Cross-Site Scripting via improper input neutralization. The entry shows affected: WordPress.com Editing Toolkit (up to version 3.78784). Root cause: improper input handling lead...
WordPress Plugin WordPress.com Editing Toolkit Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
WordPress WordPress.com Editing Toolkit Plugin <= 3.78784 is vulnerable to Cross Site Scripting (XSS)
Software: WordPress.com Editing Toolkit. Type: Plugin. Vulnerable versions: <= 3.78784. Fixed in: 3.79153. OWASP Top 10: A3: Injection. Classification: Cross Site Scripting (XSS). CVE: CVE-2023-50879. Patch priority: Low. CVSS severity: Low (6.5). Developer: Claim ownership. PSID: b5ab907cd855. Credits: Rafie Muhammad...
Automattic: Stored XSS on wordpress.com
A Stored XSS vulnerability was found on WordPress.com via app.crowdsignal.com. An attacker could execute malicious script code in the victim user's browser and redirect them to malicious sites by creating a poll with a specific payload and sharing the link on a WordPress post. The vulnerability w...
Automattic: Stored XSS on wordpress.com
A Stored XSS vulnerability was found on WordPress.com via app.crowdsignal.com. An attacker could use this vulnerability to execute malicious script code in the victim user's browser and redirect them to malicious sites...
Automattic: Stored XSS in wordpress.com
Summary: Hello Team, I found the Stored XSS vulnerability in the Custom Style section, this vulnerability can result in an attacker to execute arbitrary JavaScript in the context of the attacked website and the attacked user. This can be abused to steal session cookies, performing requests in the...
wordpress.com Cross Site Scripting vulnerability OBB-1221233
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Automattic: Stored XSS in wordpress.com
Summary: Stored XSS as a comment or as a post body or title at https://wordpress.com/read/feeds/blogid/posts/postid https://yoursubdomain.wordpress.com using the payload: Click Here=/iframe Steps To Reproduce: - As a comment 1. Log in to wordpress.com 2. Choose a post from the feeds 3. Add a...
WPintel - Chrome Extension Designed For WordPress Vulnerability Scanning And Information Gathering
WordPress Vulnerability Scanner - Scan for vulnerabilities, version, themes, plugins and much more! WPintel allows you to scan self hosted WordPress sites. With WPintel you can detect the following: Version Version vulnerabilities Plugins Themes Users and much more! Although WPintel is designed f...