CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49740 – WordPress Seraphinite Accelerator Plugin <= 2.20.28 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-49740
01 Dec 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Seraphinite Solutions Seraphinite Accelerator allows Reflected XSS.This issue affects Seraphinite Accelerator: from n/a through 2.20.28. Vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-Site Scripting') en Seraphinite Solutions Seraphinite Accelerator permite Reflected XSS. Este problema afecta a Seraphinite Accelerator: desde n/a hasta 2.20.28. The Sera... • https://patchstack.com/database/vulnerability/seraphinite-accelerator/wordpress-seraphinite-accelerator-plugin-2-20-28-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5611 – Seraphinite Accelerator < 2.20.32 - Unauthorised Settings Reset/Import
https://notcve.org/view.php?id=CVE-2023-5611
29 Oct 2023 — The Seraphinite Accelerator WordPress plugin before 2.20.32 does not have authorisation and CSRF checks when resetting and importing its settings, allowing unauthenticated users to reset them El complemento Seraphinite Accelerator de WordPress anterior a la versión 2.20.32 no tiene autorización ni controles CSRF al restablecer e importar su configuración, lo que permite a los usuarios no autenticados restablecerla. The Seraphinite Accelerator plugin for WordPress is vulnerable to Cross-Site Request Forgery ... • https://wpscan.com/vulnerability/8cb8a5e9-2ab6-4d9b-9ffc-ef530e346f8d • CWE-352: Cross-Site Request Forgery (CSRF) CWE-862: Missing Authorization •