8 matches found
EUVD-2023-12350
Malicious code in bioql PyPI...
CVE-2023-5127
The WP Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping on 'icon' user supplied attribute. This makes it possible for authenticated attackers with...
Cross site scripting
The WP Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping on 'icon' user supplied attribute. This makes it possible for authenticated attackers with...
CVE-2023-5127 WP Font Awesome <= 1.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The WP Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping on 'icon' user supplied attribute. This makes it possible for authenticated attackers with...
CVE-2023-5127
CVE-2023-5127 affects the WP Font Awesome WordPress plugin (versions ≤ 1.7.9). The vulnerability is a stored XSS via shortcode attributes, specifically the icon attribute, allowing authenticated users with contributor+ privileges to inject scripts into pages executed when viewed. Evidence from mu...
CVE-2023-0271
The WP Font Awesome WordPress plugin before 1.7.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0271 WP Font Awesome < 1.7.9 - Contributor+ Stored XSS
The WP Font Awesome WordPress plugin before 1.7.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0271
The CVE-2023-0271 entry concerns the WP Font Awesome WordPress plugin prior to version 1.7.9. The issue arises from insufficient validation and escaping of certain shortcode attributes, which can lead to Stored Cross-Site Scripting when the shortcode is embedded in a page or post. Affected produc...