12 matches found
EUVD-2021-34193
Malicious code in bioql PyPI...
EUVD-2024-42354
Malicious code in bioql PyPI...
CVE-2024-1586
The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom schema in all versions up to, and including, 1.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject...
CVE-2024-3491 Schema & Structured Data for WP & AMP <= 1.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via How To and FAQ Blocks
The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "How To" and "FAQ" Blocks in all versions up to, and including, 1.29 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-1288
CVE-2024-1288 affects the Schema & Structured Data for WP & AMP WordPress plugin. The vulnerability is due to a missing capability check in the saswp_reviews_form_render function, allowing authenticated attackers with Contributor+ access to modify stored reCaptcha site/secret keys, potentially br...
CVE-2024-22146
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Magazine3 Schema & Structured Data for WP & AMP allows Stored XSS.This issue affects Schema & Structured Data for WP & AMP: from n/a through 1.25...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Magazine3 Schema & Structured Data for WP & AMP allows Stored XSS.This issue affects Schema & Structured Data for WP & AMP: from n/a through 1.25...
WordPress Schema & Structured Data for WP & AMP Plugin <= 1.23 is vulnerable to Cross Site Scripting (XSS)
Software Schema & Structured Data for WP & AMP Type Plugin Vulnerable versions = 1.23 Fixed in 1.24 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-51677 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c9c204c67d47 Credits LVT-tholv2k Requir...
CVE-2021-4354
The PWA for WP & AMP for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the pwaforwpsplashscreenuploader function in versions up to, and including, 1.7.32. This makes it possible for authenticated attackers to upload arbitrary files on the affected sites...
Authorization
The PWA for WP & AMP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the pwaforwpupdatefeaturesoptions function in versions up to, and including, 1.7.32. This makes it possible for authenticated attackers to change the otherwise restricted settings...
CVE-2021-4366
The CVE-2021-4366 entry concerns the WordPress PWA for WP & AMP plugin. Affected component: pwaforwp_update_features_options function. Root cause: missing capability check leads to an authorization bypass in versions up to and including 1.7.32, allowing authenticated attackers to alter restricted...
CVE-2021-4366 PWA for WP & AMP < = 1.7.32 - Missing Authorization
The PWA for WP & AMP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the pwaforwpupdatefeaturesoptions function in versions up to, and including, 1.7.32. This makes it possible for authenticated attackers to change the otherwise restricted settings...