CVE-2023-52192 – WordPress Keap Official Opt-in Forms Plugin <= 1.0.11 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-52192
03 Jan 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Keap Keap Official Opt-in Forms allows Stored XSS. This issue affects Keap Official Opt-in Forms: from n/a through 1.0.11. The Keap Official Opt-in Forms ... • https://patchstack.com/database/vulnerability/infusionsoft-official-opt-in-forms/wordpress-keap-official-opt-in-forms-plugin-1-0-11-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-6941 – Keap Official Opt-in Forms <= 1.0.11 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2023-6941
21 Dec 2023 — The Keap Official Opt-in Forms WordPress plugin through 1.0.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). • https://wpscan.com/vulnerability/58f7c9aa-5e59-468f-aba9-b15e7942fd37 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-44241 – WordPress Keap Landing Pages Plugin <= 1.4.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-44241
29 Sep 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Keap Keap Landing Pages plugin <= 1.4.2 versions. The Keap Landing Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the editLandingPages() function. This makes it possible for unauthenticated attackers to modify the plugin... • https://patchstack.com/database/vulnerability/infusionsoft-landing-pages/wordpress-keap-landing-pages-plugin-1-4-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)