
CVE-2025-30529 – WordPress Auto Load Next Post plugin <= 1.5.14 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2025-30529
24 Mar 2025 — Cross-Site Request Forgery (CSRF) vulnerability in Sébastien Dumont Auto Load Next Post allows Cross Site Request Forgery. This issue affects Auto Load Next Post: from n/a through 1.5.14. The WordPress Infinite Scroll by Auto Load Next Post plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.14. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action grant... • https://patchstack.com/database/wordpress/plugin/auto-load-next-post/vulnerability/wordpress-auto-load-next-post-plugin-1-5-14-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2024-55987 – WordPress Advanced What should we write next about plugin <= 1.0.3 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-55987
14 Dec 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ritesh Sanap Advanced What should we write next about allows SQL Injection. This issue affects Advanced What should we write next about: from n/a through 1.0.3. The Advanced What should we write next about plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ... • https://patchstack.com/database/wordpress/plugin/advanced-what-should-we-write-about-next/vulnerability/wordpress-advanced-what-should-we-write-next-about-plugin-1-0-3-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-53789 – WordPress Advanced What should we write next about plugin <=1.0.3 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-53789
28 Nov 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Ritesh Sanap Advanced What should we write next about allows Stored XSS. This issue affects Advanced What should we write next about: from n/a through 1.0.3. The Advanced What should we write next about plugin for WordPress is vulnerable to Cross-Si... • https://patchstack.com/database/wordpress/plugin/advanced-what-should-we-write-about-next/vulnerability/wordpress-advanced-what-should-we-write-next-about-plugin-1-0-3-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2024-49663 – WordPress uCAT – Next Story plugin <= 2.0.0 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-49663
21 Oct 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Elena Zhyvohliad uCAT – Next Story allows Reflected XSS. This issue affects uCAT – Next Story: from n/a through 2.0.0. The uCAT – Next Story plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages ... • https://patchstack.com/database/vulnerability/ucat-next-story/wordpress-ucat-next-story-plugin-2-0-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-34793 – WordPress WP Next Post Navi plugin <= 1.8.3 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-34793
20 May 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kharim Tomlinson WP Next Post Navi allows Stored XSS. This issue affects WP Next Post Navi: from n/a through 1.8.3. The WP Next Post Navi plugin for Wo... • https://patchstack.com/database/vulnerability/wp-next-post-navi/wordpress-wp-next-post-navi-plugin-1-8-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-27966 – WordPress Quiz And Survey Master plugin <= 8.2.2 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-27966
13 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ExpressTech Quiz And Survey Master allows Stored XSS. This issue affects Quiz And Survey Master: from n/a through 8.2.2. The Quiz And Survey Master – Best Q... • https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-8-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-51521 – WordPress Quiz And Survey Master plugin <= 8.1.18 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2023-51521
27 Dec 2023 — Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master. This issue affects Quiz And Survey Master: from n/a through 8.1.18. The Quiz And Survey Master plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.1.18. This is due to missing or incorrect nonce validation on severa... • https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-8-1-18-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2023-51507 – WordPress Quiz And Survey Master plugin <= 8.1.16 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-51507
27 Dec 2023 — Missing Authorization vulnerability in ExpressTech Quiz And Survey Master. This issue affects Quiz And Survey Master: from n/a through 8.1.16. The Quiz And Survey Master plugin for WordPress is vulnerable to unauthorized access, modification or loss of data due to a missing capability check on one of its functions in versions up to, and including, 8.1.16. This ... • https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-8-1-16-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVE-2023-37984 – WordPress Quiz And Survey Master plugin <= 8.1.10 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-37984
17 Jul 2023 — Missing Authorization vulnerability in ExpressTech Quiz And Survey Master allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Quiz And Survey Master: from n/a through 8.1.10. The Quiz And Survey Master plugin for WordPress is vulnerable to excessive quiz attempts due to missing validation checks on the ajax_submit_results() function in versions up to, and including, 8.1.10. This makes it possible for unauthenticated attackers to bypass the set limits for the number of... • https://patchstack.com/database/wordpress/plugin/quiz-master-next/vulnerability/wordpress-quiz-and-survey-master-plugin-8-1-10-broken-access-control-vulnerability?_s_id=cve • CWE-799: Improper Control of Interaction Frequency • CWE-862: Missing Authorization •

CVE-2023-27919
https://notcve.org/view.php?id=CVE-2023-27919
10 May 2023 — Authentication bypass vulnerability in NEXT ENGINE Integration Plugin (for EC-CUBE 2.0 series) all versions allows a remote unauthenticated attacker to alter the information stored in the system. • https://jvn.jp/en/jp/JVN50862842 • CWE-287: Improper Authentication •