CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6938 – Oxygen Builder <= 4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field
https://notcve.org/view.php?id=CVE-2023-6938
05 Jan 2024 — The Oxygen Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom field in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: Version 4.8.1 of the Oxygen Builder plugin for WordPress addresses this vulnerability by implementing an ... • https://oxygenbuilder.com/oxygen-4-8-1-now-available • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46841 – WordPress Oxygen Builder Plugin < 4.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-46841
20 Jul 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Oxygen Builder plugin <= 4.4 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Soflyy Oxygen Builder en versiones <= 4.4. The Oxygen plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to 4.4. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request granted they can trick a site admin... • https://patchstack.com/database/vulnerability/oxygen/wordpress-oxygen-builder-plugin-4-6-2-cross-site-request-forgery-csrf?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2008-2816 – Oxygen 2.0 - 'repquote' SQL Injection
https://notcve.org/view.php?id=CVE-2008-2816
23 Jun 2008 — SQL injection vulnerability in post.php in Oxygen (aka O2PHP Bulletin Board) 2.0 allows remote attackers to execute arbitrary SQL commands via the repquote parameter in a reply action, a different vector than CVE-2006-1572. Vulnerabilidad de inyección SQL en post.php de Oxygen (también conocido como O2PHP Bulletin Board) 2.0 permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro repquote en una acción reply, un vector distinto a CVE-2006-1572. • https://www.exploit-db.com/exploits/5828 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2006-6280 – Oxygen 1.1.3 (O2PHP Bulletin Board) - SQL Injection
https://notcve.org/view.php?id=CVE-2006-6280
04 Dec 2006 — SQL injection vulnerability in viewthread.php in Oxygen (O2PHP Bulletin Board) 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter, a different vector than CVE-2006-1572. Vulnerabilidad de inyección SQL en viewthread.php de Oxygen (O2PHP Bulletin Board) 1.1.3 y anteriores permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro pid, un vector distinto de CVE-2006-1572. • https://www.exploit-db.com/exploits/2810 •
CVSS: 9.8EPSS: 2%CPEs: 5EXPL: 1CVE-2006-1572 – O2PHP Oxygen 1.0/1.1 - 'post.php' SQL Injection
https://notcve.org/view.php?id=CVE-2006-1572
01 Apr 2006 — SQL injection vulnerability in post.php in Oxygen 1.1.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a newthread action. • https://www.exploit-db.com/exploits/27535 •