3 results (0.008 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign-up Sheets plugin <= 2.2.8 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Fetch Designs Sign-up Sheets en versiones &lt;= 2.2.8. The Sign-up Sheets plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.8. This is due to missing nonce validation on the maybeProcessReset() and maybeProcessSave() functions. This makes it possible for unauthenticated attackers to save and reset the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/sign-up-sheets/wordpress-sign-up-sheets-plugin-2-2-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

The Sign-up Sheets WordPress plugin before 1.0.14 did not sanitise or escape some of its fields when creating a new sheet, allowing high privilege users to add JavaScript in them, leading to a Stored Cross-Site Scripting issue. The payloads will be triggered when viewing the 'All Sheets' page in the admin dashboard El plugin Sign-up Sheets WordPress versiones anteriores a 1.0.14, no saneaba o escapaba de algunos de sus campos cuando se crea una nueva hoja, permitiendo a usuarios con altos privilegios añadir JavaScript en ellos, conllevando un problema de tipo Cross-Site Scripting Almacenado. Las cargas útiles son desencadenadas cuando se visualiza la página "All Sheets" en el panel de administración • https://wpscan.com/vulnerability/ba4503f7-684e-4274-bc53-3aa848712496 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 1

The Sign-up Sheets WordPress plugin before 1.0.14 does not not sanitise or validate the Sheet title when generating the CSV to export, which could lead to a CSV injection issue El plugin Sign-up Sheets WordPress versiones anteriores a 1.0.14, no sanea ni comprueba el título Sheet cuando genera el CSV para exportar, lo que podría conllevar a un problema de inyección CSV • https://wpscan.com/vulnerability/ec9292b1-5cbd-4332-bdb6-2351c94f5ac6 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •