CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11844 – IdeaPush <= 8.71 - Missing Authorization to Board Term Deletion
https://notcve.org/view.php?id=CVE-2024-11844
02 Dec 2024 — The IdeaPush plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the idea_push_taxonomy_save_routine function in all versions up to, and including, 8.71. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete terms for the "boards" taxonomy. El complemento IdeaPush para WordPress es vulnerable a la modificación no autorizada de datos debido a una falta de verificación de capacidad en la función idea_push_... • https://plugins.trac.wordpress.org/browser/ideapush/trunk/ideapush.php#L766 • CWE-862: Missing Authorization •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37461 – WordPress IdeaPush plugin <= 8.65 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-37461
01 Jul 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Martin Gibson IdeaPush allows Stored XSS.This issue affects IdeaPush: from n/a through 8.65. Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en Martin Gibson IdeaPush permite XSS almacenado. Este problema afecta a IdeaPush: desde n/a hasta 8.65. The IdeaPush plugin for WordPress is vulnerable to Stored Cross-Site Scripting ... • https://patchstack.com/database/vulnerability/ideapush/wordpress-ideapush-plugin-8-65-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37265 – WordPress IdeaPush plugin <= 8.60 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-37265
27 Jun 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Martin Gibson IdeaPush allows Stored XSS.This issue affects IdeaPush: from n/a through 8.60. Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en Martin Gibson IdeaPush permite XSS almacenado. Este problema afecta a IdeaPush: desde n/a hasta 8.60. The IdeaPush plugin for WordPress is vulnerable to Stored Cross-Site Scripting ... • https://patchstack.com/database/vulnerability/ideapush/wordpress-ideapush-plugin-8-60-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47181 – WordPress IdeaPush Plugin <= 8.52 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-47181
31 Oct 2023 — Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Martin Gibson IdeaPush plugin <= 8.52 versions. Vulnerabilidad de Cross-Site Scripting (XSS) Autenticada (con permisos de admin o superiores) Almacenada en el complemento Martin Gibson IdeaPush en versiones <= 8.52. The IdeaPush plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.52 due to insufficient input sanitization and output escaping. This makes it possible for... • https://patchstack.com/database/vulnerability/ideapush/wordpress-ideapush-plugin-8-46-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •