CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45821 – WordPress NOO Timetable Plugin <= 2.1.3 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2022-45821
27 Jun 2023 — Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in NooTheme Noo Timetable plugin <= 2.1.3 versions. Vulnerabilidad de Cross-Site Scripting (XSS) autenticado (con permisos de colaborador o superior) almacenado en el plugin NooTheme Noo Timetable en versiones anteriores e incluyendo la 2.1.3. The NOO Timetable plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping. This makes it p... • https://patchstack.com/database/vulnerability/noo-timetable/wordpress-noo-timetable-responsive-calendar-auto-sync-wordpress-plugin-plugin-2-1-3-cross-site-scripting-xss?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45828 – WordPress NOO Timetable Plugin <= 2.1.3 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-45828
27 Jun 2023 — Cross-Site Request Forgery (CSRF) vulnerability in NooTheme Noo Timetable plugin <= 2.1.3 versions. The NOO Timetable plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.3. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke this function via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Cross-Site Req... • https://patchstack.com/database/vulnerability/noo-timetable/wordpress-noo-timetable-responsive-calendar-auto-sync-wordpress-plugin-plugin-2-1-3-cross-site-request-forgery-csrf?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1166 – JobMonster < 4.6.6.1 - Directory Listing in Upload Folder
https://notcve.org/view.php?id=CVE-2022-1166
11 Sep 2020 — The JobMonster Theme was vulnerable to Directory Listing in the /wp-content/uploads/jobmonster/ folder, as it did not include a default PHP file, or .htaccess file. This could expose personal data such as people's resumes. Although Directory Listing can be prevented by securely configuring the web server, vendors can also take measures to make it less likely to happen. El tema JobMonster era vulnerable a un Listado de Directorios en la carpeta /wp-content/uploads/jobmonster/, ya que no incluía un archivo PH... • https://themeforest.net/item/jobmonster-job-board-wordpress-theme/10965446 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1170 – JobMonster < 4.5.2.9 - Unauthenticated Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-1170
24 Oct 2019 — In the Noo JobMonster WordPress theme before 4.5.2.9 JobMonster there is a XSS vulnerability as the input for the search form is provided through unsanitized GET requests. En el tema Noo JobMonster de WordPress versiones anteriores a 4.5.2.9, JobMonster se presenta una vulnerabilidad de tipo XSS como la entrada para el formulario de búsqueda es proporcionada mediante peticiones GET sin sanear • https://themeforest.net/item/jobmonster-job-board-wordpress-theme/10965446 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •