183 matches found
PT-2024-39371 · Wpzoom · Wpzoom Shortcodes
Name of the Vulnerable Software and Affected Versions: WPZOOM Shortcodes plugin for WordPress versions up to, and including, 1.0.5 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'box' shortcode due to insufficient input sanitization and output escaping on...
WordPress plugin WPZOOM Shortcodes 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress WPZOOM Shortcodes plugin <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via box Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via box Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin WPZOOM Shortcodes versions = 1.0.5...
WordPress WPZOOM Shortcodes Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS)
Software WPZOOM Shortcodes Type Plugin Vulnerable versions = 1.0.5 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9027 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 023d928af205 Credits Peter Thaleikis Required...
WordPress WPZOOM Portfolio Lite plugin <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via align Attribute vulnerability discovered by Francesco Carlucci in WordPress Plugin WPZOOM Portfolio versions = 1.4.4...
WordPress WPZOOM Portfolio Plugin <= 1.4.4 is vulnerable to Cross Site Scripting (XSS)
Software WPZOOM Portfolio Type Plugin Vulnerable versions = 1.4.4 Fixed in 1.4.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8276 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5e6e6f313600 Credits Francesco Carlucci...
CVE-2024-8276
The WPZOOM Portfolio Lite – Filterable Portfolio Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:wpzoom-blocks' Gutenberg block in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping...
CVE-2024-8276
CVE-2024-8276 (WPZOOM Portfolio Lite – Filterable Portfolio Plugin) affects WordPress WPZOOM Portfolio Lite. It allows Stored XSS via the align attribute in the wp:wpzoom-blocks Gutenberg block for all versions up to 1.4.4, caused by insufficient input sanitization and output escaping. Exploitati...
CVE-2024-8276 WPZOOM Portfolio Lite – Filterable Portfolio Plugin <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute
The WPZOOM Portfolio Lite – Filterable Portfolio Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:wpzoom-blocks' Gutenberg block in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping...
WordPress plugin WPZOOM Portfolio Lite 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...
PT-2024-38906 · Wpzoom · Wpzoom Portfolio Lite – Filterable Portfolio Plugin
Name of the Vulnerable Software and Affected Versions: WPZOOM Portfolio Lite – Filterable Portfolio Plugin plugin for WordPress versions up to, and including, 1.4.4 Description: The issue is related to Stored Cross-Site Scripting via the align attribute within the 'wp:wpzoom-blocks' Gutenberg blo...
CVE-2024-37464
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WPZOOM Beaver Builder Addons by WPZOOM allows Path Traversal.This issue affects Beaver Builder Addons by WPZOOM: from n/a through 1.3.5...
CVE-2024-37464
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WPZOOM Beaver Builder Addons by WPZOOM allows Path Traversal.This issue affects Beaver Builder Addons by WPZOOM: from n/a through 1.3.5...
CVE-2024-37464
CVE-2024-37464 corresponds to an authenticated Local File Inclusion (path traversal) in Beaver Builder Addons by WPZOOM. Public sources in Connected Documents report that affected software is Beaver Builder Addons by WPZOOM, with versions from n/a through 1.3.5, and that the issue enables local f...
CVE-2024-37464 WordPress Beaver Builder Addons by WPZOOM plugin <= 1.3.5 - Local File Inclusion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WPZOOM Beaver Builder Addons by WPZOOM allows Path Traversal.This issue affects Beaver Builder Addons by WPZOOM: from n/a through 1.3.5...
CVE-2024-37464 WordPress Beaver Builder Addons by WPZOOM plugin <= 1.3.5 - Local File Inclusion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WPZOOM Beaver Builder Addons by WPZOOM allows Path Traversal.This issue affects Beaver Builder Addons by WPZOOM: from n/a through 1.3.5...
WordPress plugin Beaver Builder Addons by WPZOOM Path Traversal Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A path traversal vulnerability exis...
WordPress Beaver Builder Addons by WPZOOM plugin <= 1.3.5 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Beaver Builder Addons by WPZOOM versions = 1.3.5...
WordPress Beaver Builder Addons by WPZOOM Plugin <= 1.3.5 is vulnerable to Local File Inclusion
Software Beaver Builder Addons by WPZOOM Type Plugin Vulnerable versions = 1.3.5 Fixed in 1.3.6 OWASP Top 10 A5: Security Misconfiguration Classification Local File Inclusion CVE CVE-2024-37464 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID d25d4ebd9af1 Credits João Pedro...
CVE-2024-5686
The WPZOOM Addons for Elementor Templates, Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Team Members widget in all versions up to, and including, 1.1.38 due to insufficient input sanitization and output escaping. This makes ...