CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33936 – WordPress Print-O-Matic plugin <= 2.1.10 - Auth. Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-33936
29 Apr 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Twinpictures Print-O-Matic allows Stored XSS.This issue affects Print-O-Matic: from n/a through 2.1.10. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en Twinpictures Print-O-Matic permite almacenar XSS. Este problema afecta a Print-O-Matic: desde n/a hasta 2.1.10. The Print-O-Matic plugin for WordPress is vulnerable to Stored Cross... • https://patchstack.com/database/vulnerability/print-o-matic/wordpress-print-o-matic-plugin-2-1-10-auth-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4753 – Print-O-Matic < 2.1.8 - Contributor+ Stored XSS via Shortcode
https://notcve.org/view.php?id=CVE-2022-4753
28 Dec 2022 — The Print-O-Matic WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. El complemento Print-O-Matic de WordPress anterior a 2.1.8 no valida ni escapa algunos de sus atributos de código corto antes de devolverlos a la página, lo que podría permitir a los usuarios... • https://wpscan.com/vulnerability/5d72ec1f-5379-4d8e-850c-afe8b41bb126 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24710 – Print-O-Matic < 2.0.3 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24710
11 Oct 2021 — The Print-O-Matic WordPress plugin before 2.0.3 does not escape some of its settings before outputting them in attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. El plugin Print-O-Matic de WordPress versiones anteriores a 2.0.3, no escapa a algunas de sus configuraciones antes de imprimirlas en el atributo, lo que podría permitir a usuarios muy privilegiados llevar a cabo ataques de tipo Cross-Site Scripting inclu... • https://plugins.trac.wordpress.org/changeset/2610060 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •