2 results (0.003 seconds)

CVSS: 10.0EPSS: 30%CPEs: 15EXPL: 0

CVE-2022-40700 – Server Side Request Forgery (SSRF) vulnerability affecting multiple WordPress plugins

https://notcve.org/view.php?id=CVE-2022-40700

03 Mar 2023 — Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet – A virtual wallet for WooCommerce, Long Watch Studio WooVIP – Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply – Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder – Qards, Philip M. Hofer (Fru... • https://patchstack.com/database/vulnerability/admin-css-mu/wordpress-admin-css-mu-plugin-2-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

CVE-2017-18598 – Qards (All Versions) - Stored Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2017-18598

11 Oct 2017 — The Qards plugin through 2017-10-11 for WordPress has XSS via a remote document specified in the url parameter to html2canvasproxy.php. El plugin Qards hasta el 11-10-2017 para WordPress, presenta una vulnerabilidad de tipo XSS por medio de un documento remoto especificado en el parámetro url en el archivo html2canvasproxy.php. • https://wpvulndb.com/vulnerabilities/8934 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •