CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51425 – WordPress Rencontre plugin <= 3.10.1 - Unauthenticated Account Takeover vulnerability
https://notcve.org/view.php?id=CVE-2023-51425
27 Dec 2023 — Improper Privilege Management vulnerability in Jacques Malgrange Rencontre – Dating Site allows Privilege Escalation.This issue affects Rencontre – Dating Site: from n/a through 3.10.1. Una vulnerabilidad de gestión de privilegios inadecuada en Jacques Malgrange Rencontre – Dating Site permite una escalada de privilegios. Este problema afecta a Rencontre – Dating Site: desde n/a hasta 3.10.1. The Rencontre plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.10.... • https://patchstack.com/database/vulnerability/rencontre/wordpress-rencontre-plugin-3-10-1-unauthenticated-account-takeover-vulnerability?_s_id=cve • CWE-269: Improper Privilege Management CWE-284: Improper Access Control •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51470 – WordPress Rencontre – Dating Site Plugin <= 3.11.1 is vulnerable to PHP Object Injection
https://notcve.org/view.php?id=CVE-2023-51470
27 Dec 2023 — Deserialization of Untrusted Data vulnerability in Jacques Malgrange Rencontre – Dating Site.This issue affects Rencontre – Dating Site: from n/a through 3.11.1. Vulnerabilidad de deserialización de datos no confiables en Jacques Malgrange Rencontre – Dating Site. Este problema afecta a Rencontre – Dating Site: desde n/a hasta 3.11.1. The Rencontre – Dating Site plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.11.1 via deserialization of untrusted input thro... • https://patchstack.com/database/vulnerability/rencontre/wordpress-rencontre-plugin-3-11-1-authenticated-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13414 – Rencontre – Dating Site <= 3.1.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-13414
08 Jul 2019 — The Rencontre plugin before 3.1.3 for WordPress allows XSS via inc/rencontre_widget.php. El plugin Rencontre anterior a versión 3.1.3 para WordPress, permite un problema de tipo XSS por medio del archivo inc/rencontre_widget.php. The Rencontre – Dating Site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters found in the inc/rencontre_widget.php file such as 'pays' in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This ma... • https://plugins.trac.wordpress.org/changeset/2119248 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13413 – Rencontre – Dating Site <= 3.1.2 - SQL Injection
https://notcve.org/view.php?id=CVE-2019-13413
08 Jul 2019 — The Rencontre plugin before 3.1.3 for WordPress allows SQL Injection via inc/rencontre_widget.php. El plugin Rencontre anterior a versión 3.1.3 para WordPress, permite la Inyección SQL por medio del archivo inc/rencontre_widget.php. The Rencontre – Dating Site plugin for WordPress is vulnerable to SQL Injection via a few parameters found in the inc/rencontre_widget.php file, such as the 'region' parameter, in versions up to, and including, 3.1.2 due to insufficient escaping on the user supplied parameter an... • https://plugins.trac.wordpress.org/changeset/2119248 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •