CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1904 – Easy Pricing Tables < 3.2.1 - Reflected Cross-Site-Scripting
https://notcve.org/view.php?id=CVE-2022-1904
The Pricing Tables WordPress Plugin WordPress plugin before 3.2.1 does not sanitise and escape parameter before outputting it back in a page available to any user (both authenticated and unauthenticated) when a specific setting is enabled, leading to a Reflected Cross-Site Scripting El plugin Pricing Tables de WordPress versiones anteriores a 3.2.1, no sanea y escapa el parámetro antes de devolverlo a una página disponible para cualquier usuario (tanto autenticado como no autenticado) cuando es habilitada una configuración específica, conllevando a un Cross-Site Scripting Reflejado The Easy Pricing Tables plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the multiple parameters in versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping in the ptp_design4_color_columns() function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://wpscan.com/vulnerability/92215d07-d129-49b4-a838-0de1a944c06b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-36866 – WordPress Easy Pricing Tables plugin <= 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2021-36866
Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) vulnerability in Fatcat Apps Easy Pricing Tables plugin <= 3.1.2 at WordPress. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) Autenticado (rol de autor o superior) Almacenado en el plugin Fatcat Apps Easy Pricing Tables versiones anteriores a 3.1.2 incluyéndola, en WordPress • https://patchstack.com/database/vulnerability/easy-pricing-tables/wordpress-easy-pricing-tables-plugin-3-1-2-authenticated-stored-cross-site-scripting-xss-vulnerability https://wordpress.org/plugins/easy-pricing-tables/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-25098 – Easy Pricing Tables < 3.1.3 - Arbitrary Post Removal via CSRF
https://notcve.org/view.php?id=CVE-2021-25098
The Pricing Tables WordPress Plugin WordPress plugin before 3.1.3 does not verify the CSRF nonce when removing posts, allowing attackers to make a logged in admin remove arbitrary posts from the blog via a CSRF attack, which will be put in the trash El plugin Pricing Tables de WordPress versiones anteriores a 3.1.3, no verifica el nonce de tipo CSRF cuando son eliminadas entradas, permitiendo a atacantes hacer que un administrador conectado elimine entradas arbitrarias del blog por medio de un ataque de tipo CSRF, que serán depositadas en la papelera • https://wpscan.com/vulnerability/960a634d-a88a-4d90-9ac3-7d24b1fe07fe • CWE-352: Cross-Site Request Forgery (CSRF) •