CVE-2023-51488 – WordPress Crowdsignal Dashboard – Polls, Surveys & more Plugin <= 3.0.11 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-51488
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic, Inc. Crowdsignal Dashboard – Polls, Surveys & more allows Reflected XSS. This issue affects Crowdsignal Dashboard – Polls, Surveys & more: from n/a through 3.0.11.
• https://patchstack.com/database/vulnerability/polldaddy/wordpress-crowdsignal-polls-ratings-plugin-3-0-11-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-45069 – WordPress Crowdsignal Dashboard plugin <= 3.0.9 - Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2022-45069
Auth. (contributor+) Privilege Escalation vulnerability in Crowdsignal Dashboard plugin <= 3.0.9 on WordPress. The Crowdsignal Dashboard plugin for WordPress is vulnerable to Authorization Bypass in versions up to, and including, 3.0.9. This is due to missing authorization checks on the settings page that made it possible for contributor-level attackers to load the ratings settings page and modify the settings.
• https://patchstack.com/database/vulnerability/polldaddy/wordpress-crowdsignal-dashboard-plugin-3-0-9-privilege-escalation-vulnerability?_s_id=cve
• CWE-264: Permissions, Privileges, and Access Controls
• CWE-862: Missing Authorization
CVE-2022-2386 – Crowdsignal Polls & Ratings < 3.0.8 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-2386
The Crowdsignal Dashboard WordPress plugin before 3.0.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. The Crowdsignal Dashboard – Polls, Surveys & more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mediaType' parameter in versions up to, and including, 3.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
• https://wpscan.com/vulnerability/47855d4b-9f6a-4fc7-b231-4337f51c8886
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')