CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45750 – WordPress Nexter Extension Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-45750
12 Oct 2023 — Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in POSIMYTH Nexter Extension plugin <= 2.0.3 versions. Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento POSIMYTH Nexter Extension en versiones <= 2.0.3. The Nexter Extension plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘post’ and 'post_id' parameters in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for u... • https://patchstack.com/database/vulnerability/nexter-extension/wordpress-nexter-extension-plugin-2-0-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45751 – WordPress Nexter Extension Plugin <= 2.0.3 is vulnerable to Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2023-45751
12 Oct 2023 — Improper Control of Generation of Code ('Code Injection') vulnerability in POSIMYTH Nexter Extension.This issue affects Nexter Extension: from n/a through 2.0.3. Vulnerabilidad de control inadecuado de generación de código ("inyección de código") en POSIMYTH Nexter Extension. Este problema afecta a Nexter Extension: desde n/a hasta 2.0.3. The Nexter Extension plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.0.3 via the nxt-code-php-snippet metabox. This allows ... • https://patchstack.com/database/vulnerability/nexter-extension/wordpress-nexter-extension-plugin-2-0-3-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •