CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38781 – WordPress CopySafe Web Protection plugin <= 3.15 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-38781
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ArtistScope CopySafe Web Protection allows Reflected XSS.This issue affects CopySafe Web Protection: from n/a through 3.15. La vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en ArtistScope CopySafe Web Protection permite XSS reflejado. Este problema afecta a CopySafe Web Protection: desde n/a hasta 3.15. The CopySafe Web Protection plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/wp-copysafe-web/wordpress-copysafe-web-protection-plugin-3-15-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49000
https://notcve.org/view.php?id=CVE-2023-49000
An issue in ArtistScope ArtisBrowser v.34.1.5 and before allows an attacker to bypass intended access restrictions via interaction with the com.artis.browser.IntentReceiverActivity component. Un problema en ArtistScope ArtisBrowser v.34.1.5 y anteriores permite a un atacante omitir las restricciones de acceso previstas mediante la interacción con el componente com.artis.browser.IntentReceiverActivity. An issue in ArtistScope ArtisBrowser v.34.1.5 and before allows an attacker to bypass intended access restrictions via interaction with the com.artis.browser.IntentReceiverActivity component. NOTE: this is disputed by the vendor, who indicates that ArtisBrowser 34 does not support CSS3. • https://github.com/actuator/com.artis.browser/blob/main/CWE-94.md https://github.com/actuator/cve/blob/main/CVE-2023-49000 https://github.com/advisories/GHSA-866h-q63m-66xm • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-29098 – WordPress CopySafe Web Protection Plugin <= 3.13 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-29098
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ArtistScope CopySafe Web Protection plugin <= 3.13 versions. The CopySafe Web Protection plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in versions up to, and including, 3.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/wp-copysafe-web/wordpress-copysafe-web-protection-plugin-3-13-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-8100 – CopySafe Web Protection < 2.6 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2017-8100
There is CSRF in the CopySafe Web Protection plugin before 2.6 for WordPress, allowing attackers to change plugin settings. Hay CSRF en el plugin CopySafe Web Protection en versiones anteriores a 2.6 para WordPress, permitiendo a los atacantes cambiar la configuración del plugin. • http://seclists.org/fulldisclosure/2017/Apr/42 http://www.securityfocus.com/bid/98091 https://wordpress.org/plugins/wp-copysafe-web/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •