CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Nov 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Labib Ahmed Image Hover Effects – WordPress Plugin. This issue affects Image Hover Effects – WordPress Plugin: from n/a through 5.5. The Image Hover Effects plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.5. This is du... • https://patchstack.com/database/vulnerability/image-hover-effects/wordpress-image-hover-effects-plugin-5-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

20 Nov 2022 — The Image Hover Effects WordPress plugin before 5.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). • https://wpscan.com/vulnerability/bed8c81c-04c7-412d-9563-ce4eb64b7754 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 Dec 2021 — Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise discovered in Image Hover Effects Ultimate (versions <= 9.6.1) WordPress plugin. • https://patchstack.com/database/vulnerability/image-hover-effects-ultimate/wordpress-image-hover-effects-ultimate-plugin-9-6-1-unauthenticated-arbitrary-options-update-leading-to-full-website-compromise • CWE-284: Improper Access Control • CWE-306: Missing Authentication for Critical Function

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 Apr 2021 — The “Image Hover Effects – Elementor Addon” WordPress Plugin before 1.3.4 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. • https://wpscan.com/vulnerability/7fd89a49-fbb0-4308-836b-1f12dc585b1f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')