4 results (0.009 seconds)

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Michael Nelson Print My Blog allows Stored XSS.This issue affects Print My Blog: from n/a through 3.27.0. Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en Michael Nelson Print My Blog permite XSS almacenado. Este problema afecta a Print My Blog: desde n/a hasta 3.27.0. The Print My Blog plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.27.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/print-my-blog/wordpress-print-my-blog-plugin-3-27-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Missing Authorization vulnerability in Michael Nelson Print My Blog.This issue affects Print My Blog: from n/a through 3.26.2. Vulnerabilidad de falta de autorización en Michael Nelson Print My Blog. Este problema afecta a Print My Blog: desde n/a hasta 3.26.2. The Print My Blog – Print, PDF, & eBook Converter WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions like the saveProjectGenerate() function in all versions up to, and including, 3.26.2. This makes it possible for unauthenticated attackers, to update projects. • https://patchstack.com/database/vulnerability/print-my-blog/wordpress-print-my-blog-plugin-3-26-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1

The Print My Blog WordPress Plugin before 3.4.2 does not enforce nonce (CSRF) checks, which allows attackers to make logged in administrators deactivate the Print My Blog plugin and delete all saved data for that plugin by tricking them to open a malicious link El plugin Print My Blog de WordPress versiones anteriores a 3.4.2, no aplica las comprobaciones de nonce (CSRF), lo que permite a atacantes hacer que los administradores que han iniciado sesión desactiven el plugin Print My Blog y eliminen todos los datos guardados para ese plugin al engañarlos para que abran un enlace malicioso The Print My Blog WordPress Plugin before 3.4.2 does not enforce nonce (CSRF) checks, which allows attackers to make logged in administrators deactivate the Print My Blog plugin and delete all saved data for that plugin by tricking them to open a malicious link. • https://wpscan.com/vulnerability/db8ace7b-7a44-4620-9fe8-ddf0ad520f5e • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

Server Side Request Forgery (SSRF) exists in the Print My Blog plugin before 1.6.7 for WordPress via the site parameter. El plugin Print My Blog, versiones anteriores a 1.6.7, para WordPress, puede sufrir un ataque Server Side Request Forgery (SSRF) a través del parámetro site. Server-Side Request Forgery (SSRF) exists in the Print My Blog plugin before 1.6.7 for WordPress via the site parameter. • http://dumpco.re/bugs/wp-plugin-print-my-blog-ssrf https://github.com/mnelson4/printmyblog/commit/8584a2839a541eb29fca64252e388c827af3ec21 https://plugins.trac.wordpress.org/changeset?old_path=%2Fprint-my-blog%2Ftrunk&old=2075667&new_path=%2Fprint-my-blog%2Ftrunk&new=2075667 https://wordpress.org/plugins/print-my-blog/#developers https://wpvulndb.com/vulnerabilities/9263 • CWE-918: Server-Side Request Forgery (SSRF) •