CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22297 – WordPress CBX Map for Google Map & OpenStreetMap Plugin <= 1.1.11 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2024-22297
17 Jan 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codeboxr CBX Map for Google Map & OpenStreetMap allows Stored XSS.This issue affects CBX Map for Google Map & OpenStreetMap: from n/a through 1.1.11. La vulnerabilidad de neutralización incorrecta de la entrada durante de generación de páginas web ('Cross-site Scripting') en Codeboxr CBX Map para Google Map y OpenStreetMap permite XSS almacenado. Este problema afecta a CBX Map para Google Map y OpenStreetMa... • https://patchstack.com/database/vulnerability/cbxgooglemap/wordpress-cbx-map-for-google-map-openstreetmap-plugin-1-1-11-cross-site-scripting-xss-vulnerability-2?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51514 – WordPress CBX Bookmark & Favorite Plugin <= 1.7.13 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-51514
27 Dec 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codeboxr Team CBX Bookmark & Favorite allows Stored XSS.This issue affects CBX Bookmark & Favorite: from n/a through 1.7.13. La vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ('cross-site Scripting') en Codeboxr Team CBX Bookmark & Favorite permite almacenar XSS. Este problema afecta a CBX Bookmark & Favorite: desde n/a hasta 1.7.13. The CBX Bookmark &... • https://patchstack.com/database/vulnerability/cbxwpbookmark/wordpress-cbx-bookmark-favorite-plugin-1-7-13-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28747 – WordPress CBX Currency Converter Plugin <= 3.0.3 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-28747
22 Mar 2023 — Cross-Site Request Forgery (CSRF) vulnerability in codeboxr CBX Currency Converter plugin <= 3.0.3 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento codeboxr CBX Currency Converter en versiones <=3.0.3. The CBX Currency Converter plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.3. This is due to missing or incorrect nonce validation on the 'get_settings_fields' function. This makes it possible for unauthenticated attacker... • https://patchstack.com/database/vulnerability/cbcurrencyconverter/wordpress-cbx-currency-converter-plugin-3-0-3-cross-site-request-forgery-csrf?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4383 – CBX Petition for WordPress <= 1.0.3 - Unauthenticated SQLi
https://notcve.org/view.php?id=CVE-2022-4383
27 Dec 2022 — The CBX Petition for WordPress plugin through 1.0.3 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. Las versiones del complemento CBX Petition de WordPress hasta la versión 1.0.3 no sanitizan ni escapan adecuadamente un parámetro antes de usarlo en una declaración SQL a través de una acción AJAX disponible para usuarios no autenticados, lo que lleva a una inyección SQL. The CBX Petition fo... • https://wpscan.com/vulnerability/e0fe5a53-8ae2-4b67-ac6e-4a8860e39035 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •