widgets project widgets vulnerabilities and exploits
8.8
CVSSv3
CVE-2024-22290
Cross-Site Request Forgery (CSRF) vulnerability in AboZain, O7abeeb, UnitOne Custom Dashboard Widgets allows Cross-Site Scripting (XSS). This issue affects Custom Dashboard Widgets: from n/a up to and including 1.3.1.
Custom Dashboard Widgets Project Custom Dashboard Widgets
5.4
CVSSv3
CVE-2022-4785
The Video Sidebar Widgets WordPress plugin up to and including 6.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored ...
Video Sidebar Widgets Project Video Sidebar Widgets
5.4
CVSSv3
CVE-2022-4488
The Widgets on Pages WordPress plugin prior to 1.8.0 does not validate and escape its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against...
Widgets On Pages Project Widgets On Pages
5.4
CVSSv3
CVE-2022-4460
The Sidebar Widgets by CodeLights WordPress plugin up to and including 1.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting att...
Codelights-shortcodes-and-widgets Project Codelights-shortcodes-and-widgets
4.8
CVSSv3
CVE-2022-4619
The Sidebar Widgets by CodeLights plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Extra CSS class’ parameter in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authent...
Codelights-shortcodes-and-widgets Project Codelights-shortcodes-and-widgets
4.3
CVSSv3
CVE-2022-46160
Tuleap is an Open Source Suite to improve management of software developments and collaboration. In versions before 14.2.99.104, project level authorizations are not properly verified when accessing the project "homepage"/dashboards. Users not authorized to access a pro...
Enalean Tuleap
8.8
CVSSv3
CVE-2021-43844
MSEdgeRedirect is a tool to redirect news, search, widgets, weather, and more to a user's default browser. MSEdgeRedirect versions prior to 0.5.0.1 are vulnerable to Remote Code Execution via specifically crafted URLs. This vulnerability requires user interaction and the acc...
Msedgeredirect Project Msedgeredirect
5.4
CVSSv3
CVE-2020-9382
An issue exists in the Widgets extension up to and including 1.4.0 for MediaWiki. Improper title sanitization allowed for the execution of any wiki page as a widget (as defined by this extension) via MediaWiki's {{#widget:}} parser function.
Widgets Project Widgets
5.4
CVSSv3
CVE-2015-9438
The display-widgets plugin prior to 2.04 for WordPress has XSS via the wp-admin/admin-ajax.php?action=dw_show_widget id_base, widget_number, or instance parameter.
Display-widgets Project Display-widgets
6.1
CVSSv3
CVE-2018-7274
Yab Quarx up to and including 2.4.3 is prone to multiple persistent cross-site scripting vulnerabilities: Blog (Title), FAQ (Question), Pages (Title), Widgets (Name), and Menus (Name).
Quarx Cms Project Quarx Cms