Show filters
54 Total Results
Displaying 11-20 of 54
Sort by:
Attacker Value
Unknown

CVE-2024-3956

Disclosure Date: May 14, 2024 (last updated January 05, 2025)
The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pod Form widget in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
0
0
Attacker Value
Unknown

CVE-2024-32108

Disclosure Date: April 11, 2024 (last updated April 12, 2024)
Cross-Site Request Forgery (CSRF) vulnerability in Stephanie Leary Convert Post Types.This issue affects Convert Post Types: from n/a through 1.4.
0
0
Attacker Value
Unknown

CVE-2023-6993

Disclosure Date: April 09, 2024 (last updated April 10, 2024)
The Custom post types, Custom Fields & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and custom post meta in all versions up to, and including, 5.0.4 due to insufficient input sanitization and output escaping on user supplied post meta values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
0
0
Attacker Value
Unknown

CVE-2024-31112

Disclosure Date: March 31, 2024 (last updated January 05, 2025)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stephanie Leary Convert Post Types allows Reflected XSS.This issue affects Convert Post Types: from n/a through 1.4.
0
0
Attacker Value
Unknown

CVE-2023-27440

Disclosure Date: March 26, 2024 (last updated April 02, 2024)
Unrestricted Upload of File with Dangerous Type vulnerability in OnTheGoSystems Types.This issue affects Types: from n/a through 3.4.17.
0
0
Attacker Value
Unknown

CVE-2023-22674

Disclosure Date: December 21, 2023 (last updated December 29, 2023)
Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in Hal Gatewood Dashicons + Custom Post Types.This issue affects Dashicons + Custom Post Types: from n/a through 1.0.2.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-6293

Disclosure Date: November 24, 2023 (last updated December 01, 2023)
Prototype Pollution in GitHub repository robinbuschmann/sequelize-typescript prior to 2.1.6.
Attack Vector: LocalPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-32502

Disclosure Date: November 09, 2023 (last updated November 16, 2023)
Cross-Site Request Forgery (CSRF) vulnerability in Sybre Waaijer Pro Mime Types – Manage file media types plugin <= 1.0.7 versions.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-46781

Disclosure Date: November 06, 2023 (last updated November 15, 2023)
Cross-Site Request Forgery (CSRF) vulnerability in Roland Murg Current Menu Item for Custom Post Types plugin <= 1.5 versions.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-32116

Disclosure Date: October 26, 2023 (last updated October 31, 2023)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in TotalPress.Org Custom post types, Custom Fields & more plugin <= 4.0.12 versions.
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0
View More Topics  < Previous  Next >