CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51468 – WordPress Rencontre – Dating Site Plugin <= 3.10.1 is vulnerable to Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-51468
27 Dec 2023 — Unrestricted Upload of File with Dangerous Type vulnerability in Jacques Malgrange Rencontre – Dating Site.This issue affects Rencontre – Dating Site: from n/a through 3.10.1. Vulnerabilidad de carga sin restricciones de archivos con tipo peligroso en Jacques Malgrange Rencontre – Dating Site. Este problema afecta a Rencontre – Dating Site: desde n/a hasta 3.10.1. The Rencontre – Dating Site plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 3.10.1. This makes... • https://patchstack.com/database/vulnerability/rencontre/wordpress-rencontre-plugin-3-10-1-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51470 – WordPress Rencontre – Dating Site Plugin <= 3.11.1 is vulnerable to PHP Object Injection
https://notcve.org/view.php?id=CVE-2023-51470
27 Dec 2023 — Deserialization of Untrusted Data vulnerability in Jacques Malgrange Rencontre – Dating Site.This issue affects Rencontre – Dating Site: from n/a through 3.11.1. Vulnerabilidad de deserialización de datos no confiables en Jacques Malgrange Rencontre – Dating Site. Este problema afecta a Rencontre – Dating Site: desde n/a hasta 3.11.1. The Rencontre – Dating Site plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.11.1 via deserialization of untrusted input thro... • https://patchstack.com/database/vulnerability/rencontre/wordpress-rencontre-plugin-3-11-1-authenticated-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13414 – Rencontre – Dating Site <= 3.1.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-13414
08 Jul 2019 — The Rencontre plugin before 3.1.3 for WordPress allows XSS via inc/rencontre_widget.php. El plugin Rencontre anterior a versión 3.1.3 para WordPress, permite un problema de tipo XSS por medio del archivo inc/rencontre_widget.php. The Rencontre – Dating Site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters found in the inc/rencontre_widget.php file such as 'pays' in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This ma... • https://plugins.trac.wordpress.org/changeset/2119248 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13413 – Rencontre – Dating Site <= 3.1.2 - SQL Injection
https://notcve.org/view.php?id=CVE-2019-13413
08 Jul 2019 — The Rencontre plugin before 3.1.3 for WordPress allows SQL Injection via inc/rencontre_widget.php. El plugin Rencontre anterior a versión 3.1.3 para WordPress, permite la Inyección SQL por medio del archivo inc/rencontre_widget.php. The Rencontre – Dating Site plugin for WordPress is vulnerable to SQL Injection via a few parameters found in the inc/rencontre_widget.php file, such as the 'region' parameter, in versions up to, and including, 3.1.2 due to insufficient escaping on the user supplied parameter an... • https://plugins.trac.wordpress.org/changeset/2119248 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •