19 matches found
CVE-2023-40329
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WPZest Custom Admin Login Page | WPZest plugin = 1.2.0 versions...
EUVD-2023-44916
Malicious code in bioql PyPI...
EUVD-2024-29956
Malicious code in bioql PyPI...
CVE-2024-9366
The Easy Menu Manager | WPZest plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level acces...
CVE-2024-32135
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPZest Disable Comments | WPZest.This issue affects Disable Comments | WPZest: from n/a through 1.51...
CVE-2024-9366 Easy Menu Manager | WPZest <= 1.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
The Easy Menu Manager | WPZest plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level acces...
CVE-2024-9366 Easy Menu Manager | WPZest <= 1.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
The Easy Menu Manager | WPZest plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level acces...
WordPress plugin WPZest 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripti...
CVE-2024-32135
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPZest Disable Comments | WPZest.This issue affects Disable Comments | WPZest: from n/a through 1.51...
CVE-2024-32135
CVE-2024-32135 refers to an SQL Injection flaw in the WPZest Disable Comments plugin for WordPress (Disable Comments | WPZest), affecting version up to 1.51. Connected sources confirm the vulnerability type and affected plugin, but do not provide a patch; patch status is listed as Unpatched. The ...
CVE-2024-32135 WordPress Disable Comments | WPZest plugin <= 1.51 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPZest Disable Comments | WPZest.This issue affects Disable Comments | WPZest: from n/a through 1.51...
CVE-2024-32135 WordPress Disable Comments | WPZest plugin <= 1.51 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPZest Disable Comments | WPZest.This issue affects Disable Comments | WPZest: from n/a through 1.51...
WordPress Disable Comments | WPZest Plugin <= 1.51 is vulnerable to SQL Injection
Software Disable Comments | WPZest Type Plugin Vulnerable versions = 1.51 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-32135 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 13ff95260d62 Credits Dimas Maulana Required privilege...
CVE-2023-40329
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WPZest Custom Admin Login Page | WPZest plugin = 1.2.0 versions...
CVE-2023-40329
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WPZest Custom Admin Login Page | WPZest plugin = 1.2.0 versions...
Cross site scripting
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WPZest Custom Admin Login Page | WPZest plugin = 1.2.0 versions...
CVE-2023-40329
CVE-2023-40329 affects the WordPress plugin WPZest Custom Admin Login Page (WPZest) up to version 1.2.0. The vulnerability is an authenticated Stored Cross-Site Scripting (XSS) flaw, where user input in admin settings is not properly validated/escaped, enabling XSS with admin privileges. Several ...
WordPress plugin custom-admin-login-styler-wpzest cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...
WordPress Custom Admin Login Page | WPZest Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS)
Software Custom Admin Login Page | WPZest Type Plugin Vulnerable versions = 1.2.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-40329 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 1213e411287f Credits Lokesh...