CVE-2023-52128 – WordPress White Label Plugin <= 2.9.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-52128
28 Dec 2023 — Cross-Site Request Forgery (CSRF) vulnerability in WhiteWP White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard. This issue affects White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard: from n/a through 2.9.0. • https://patchstack.com/database/vulnerability/white-label/wordpress-white-label-plugin-2-9-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-24006 – WordPress WP Terms Popup – Terms and Conditions and Privacy Policy WordPress Popups Plugin <= 2.6.0 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-24006
23 Jan 2023 — Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Link Software LLC WP Terms Popup plugin <= 2.6.0 versions. The WP Terms Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This o... • https://patchstack.com/database/vulnerability/wp-terms-popup/wordpress-wp-terms-popup-terms-and-conditions-and-privacy-policy-wordpress-popups-plugin-2-6-0-cross-site-scripting-xss?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-39332 – Business Manager – WordPress ERP, HR, CRM, and Project Management Plugin <= 1.4.5 Authenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-39332
14 Oct 2021 — The Business Manager WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization found throughout the plugin which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.4.5. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. • https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39332 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •