CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45833 – WordPress LeadSquared Suite Plugin <= 0.7.4 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-45833
13 Oct 2023 — Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in LeadSquared Suite plugin <= 0.7.4 versions. Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento LeadSquared Suite en versiones <= 0.7.4. The LeadSquared Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in versions up to, and including, 0.7.4 due to insufficient input sanitization and output escaping. This makes it possible for authenti... • https://patchstack.com/database/vulnerability/leadsquared-suite/wordpress-leadsquared-suite-plugin-0-7-4-cross-site-scripting-xss?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45047 – WordPress LeadSquared Suite Plugin <= 0.7.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-45047
03 Oct 2023 — Cross-Site Request Forgery (CSRF) vulnerability in LeadSquared, Inc LeadSquared Suite plugin <= 0.7.4 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento LeadSquared, Inc LeadSquared Suite en versiones <= 0.7.4. The LeadSquared Suite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.7.4. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke ... • https://patchstack.com/database/vulnerability/leadsquared-suite/wordpress-leadsquared-suite-plugin-0-7-4-cross-site-request-forgery-csrf-leading-to-form-deactivation-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •