8 results

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Jan 2025 — The Estatik Mortgage Calculator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'color' parameter in all versions up to, and including, 2.0.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://plugins.trac.wordpress.org/browser/estatik-mortgage-calculator/trunk/public/images/info.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

15 Jan 2024 — The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not sanitise and escape various parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. • https://wpscan.com/vulnerability/c08e0f24-bd61-4e83-a555-363568cf0e6e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

25 Dec 2023 — The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not prevent users with low privileges on the site, like subscribers, from setting any of the site's options to 1, which could be used to break sites and lead to DoS when certain options are reset. • https://wpscan.com/vulnerability/74cb07fe-fc82-472f-8c52-859c176d9e51 • CWE-862: Missing Authorization

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

25 Dec 2023 — The Estatik Real Estate Plugin WordPress plugin before 4.1.1 unserializes user input via some of its cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget chain is present on the blog. • https://wpscan.com/vulnerability/8cfd8c1f-2834-4a94-a3fa-c0cfbe78a8b7 • CWE-502: Deserialization of Untrusted Data

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Aug 2023 — Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Estatik Estatik Mortgage Calculator plugin <= 2.0.7 versions. The Estatik Mortgage Calculator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.0.11 due to insufficient input sanitization and output escaping. This makes it possible... • https://patchstack.com/database/vulnerability/estatik-mortgage-calculator/wordpress-mortgage-calculator-estatik-plugin-2-0-7-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

16 Mar 2023 — Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Estatik Estatik Mortgage Calculator plugin <= 2.0.7 versions. The WordPress Mortgage Calculator Estatik plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in versions up to, and including, 2.0.11 due to insufficient input sanitization and output escaping. This... • https://patchstack.com/database/vulnerability/estatik-mortgage-calculator/wordpress-wordpress-mortgage-calculator-estatik-plugin-2-0-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

01 Aug 2016 — The estatik plugin before 2.3.0 for WordPress has unauthenticated arbitrary file upload via es_media_images[] to wp-admin/admin-ajax.php. • https://estatik.net/estatik-released-security-updates • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

01 Aug 2016 — The estatik plugin before 2.3.1 for WordPress has authenticated arbitrary file upload (exploitable with CSRF) via es_media_images[] to wp-admin/admin-ajax.php. • https://wordpress.org/plugins/estatik/#developers • CWE-352: Cross-Site Request Forgery (CSRF) • CWE-434: Unrestricted Upload of File with Dangerous Type