CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51488 – WordPress Crowdsignal Dashboard – Polls, Surveys & more Plugin <= 3.0.11 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-51488
27 Dec 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic, Inc. Crowdsignal Dashboard – Polls, Surveys & more allows Reflected XSS.This issue affects Crowdsignal Dashboard – Polls, Surveys & more: from n/a through 3.0.11. Neutralización inadecuada de la entrada durante la vulnerabilidad de generación de páginas web ('Cross-site Scripting') en Automattic, Inc. Crowdsignal Dashboard – Polls, Surveys & more permite XSS Reflejado. Este problema afecta a... • https://patchstack.com/database/vulnerability/polldaddy/wordpress-crowdsignal-polls-ratings-plugin-3-0-11-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45069 – WordPress Crowdsignal Dashboard plugin <= 3.0.9 - Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2022-45069
17 Nov 2022 — Auth. (contributor+) Privilege Escalation vulnerability in Crowdsignal Dashboard plugin <= 3.0.9 on WordPress. Vulnerabilidad de escalada de privilegios autenticada (con permisos de colaboradores o superiores) en el complemento Crowdsignal Dashboard de Wordpress en versiones <= 3.0.9. The Crowdsignal Dashboard plugin for WordPress is vulnerable to Authorization Bypass in versions up to, and including, 3.0.9. This is due to missing authorization checks on the settings page that made it possible for contri... • https://patchstack.com/database/vulnerability/polldaddy/wordpress-crowdsignal-dashboard-plugin-3-0-9-privilege-escalation-vulnerability?_s_id=cve • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2386 – Crowdsignal Polls & Ratings < 3.0.8 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-2386
18 Jul 2022 — The Crowdsignal Dashboard WordPress plugin before 3.0.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting El plugin Crowdsignal Dashboard de WordPress versiones anteriores a 3.0.8, no sanea y escapa de un parámetro antes de devolverlo a la página, lo que conlleva a un ataque de tipo Cross-Site Scripting Reflejado The Crowdsignal Dashboard – Polls, Surveys & more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via ... • https://wpscan.com/vulnerability/47855d4b-9f6a-4fc7-b231-4337f51c8886 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •