Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

amauric

Source -

CNA

BOS Name -

N/A

CNA CVEs -

3

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated ProductsRelated AssignersReports
3Vulnerabilities found
CVE-2024-13888
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-7.2||HIGH
EPSS-0.72% / 71.48%
||
7 Day CHG~0.00%
Published-20 Feb, 2025 | 08:22
Updated-25 Feb, 2025 | 20:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WPMobile.App <= 11.56 - Open Redirect via 'redirect' Parameter

The WPMobile.App plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 11.56. This is due to insufficient validation on the redirect URL supplied via the 'redirect' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.

Action-Not Available
Vendor-amauriamauric
Product-wpmobile.appWPMobile.App
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-12420
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.49% / 64.62%
||
7 Day CHG+0.15%
Published-13 Dec, 2024 | 08:24
Updated-16 Dec, 2024 | 16:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WPMobile.App — Android and iOS Mobile Application <= 11.52 - Unauthenticated Arbitrary Shortcode Execution

The The WPMobile.App — Android and iOS Mobile Application plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 11.52. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

Action-Not Available
Vendor-amauric
Product-WPMobile.App — Android and iOS Mobile Application
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-3620
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.6||MEDIUM
EPSS-0.12% / 32.38%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 14:55
Updated-30 Oct, 2024 | 14:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-site Scripting (XSS) - Stored in amauric/tarteaucitron.js

Cross-site Scripting (XSS) - Stored in GitHub repository amauric/tarteaucitron.js prior to v1.13.1.

Action-Not Available
Vendor-tarteaucitronamaurictarteaucitron
Product-tarteaucitronamauric/tarteaucitron.jstarteaucitron
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')