27 results (0.014 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

A null-dereference vulnerability involving parsing requests specifying invalid protocols can cause the application to crash or potentially result in other undesirable effects. This issue affects Facebook Thrift from v2024.09.09.00 until v2024.09.23.00. • https://www.facebook.com/security/advisories/cve-2024-45863 •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

A use-after-free vulnerability involving upgradeToRocket requests can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2024.09.09.00. • https://www.facebook.com/security/advisories/cve-2024-45773 •

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNcode Fan Page Widget by ThemeNcode allows Stored XSS.This issue affects Fan Page Widget by ThemeNcode: from n/a through 2.0. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en ThemeNcode Fan Page Widget by ThemeNcode permite almacenar XSS. Este problema afecta el widget de página de fans de ThemeNcode: desde n/a hasta 2.0. The Fan Page Widget by ThemeNcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/facebook-fan-page-widget/wordpress-fan-page-widget-by-themencode-plugin-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeroen Peters All-in-one Like Widget allows Stored XSS.This issue affects All-in-one Like Widget: from n/a through 2.2.7. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en Jeroen Peters All-in-one Like Widget permite almacenar XSS. Este problema afecta el widget Me gusta todo en uno: desde n/a hasta 2.2.7 . The All-in-one Like Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/all-in-one-facebook-like-widget/wordpress-all-in-one-like-widget-plugin-2-2-7-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Missing Authorization vulnerability in GenialSouls WP Social Comments.This issue affects WP Social Comments: from n/a through 1.7.3. Vulnerabilidad de autorización faltante en GenialSouls WP Social Comments. Este problema afecta a WP Social Comments: desde n/a hasta 1.7.3. The WP Social Comments plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpfc_allow_comments() function in all versions up to, and including, 1.7.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to turn on comments for posts. • https://patchstack.com/database/vulnerability/gs-facebook-comments/wordpress-wp-social-comments-plugin-1-7-3-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •