CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2488 – Stop Spammers Security < 2023 - Reflected XSS
https://notcve.org/view.php?id=CVE-2023-2488
15 May 2023 — The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape various parameters before outputting them back in admin dashboard pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin The Stop Spammers Security plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in versions up to, and including, 2022.6 due to insufficient input sanitization and output e... • https://wpscan.com/vulnerability/60226669-0b7b-441f-93d4-b5933e69478f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2489 – Stop Spammers Security < 2023 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2023-2489
15 May 2023 — The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) The Stop Spammers Security plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2022.6 due to insufficient input sa... • https://wpscan.com/vulnerability/dcbe3334-357a-4744-b50c-309d10cca30d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4120 – Stop Spammers Security < 2022.6 - Unauthenticated PHP Object Injection
https://notcve.org/view.php?id=CVE-2022-4120
05 Dec 2022 — The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2022.6 passes base64 encoded user input to the unserialize() PHP function when CAPTCHA are used as second challenge, which could lead to PHP Object injection if a plugin installed on the blog has a suitable gadget chain El complemento Stop Spammers Security | Block Spam Users, Comments, Forms de WordPress anterior a 2022.6 pasa la entrada del usuario codificada en base64 a la función PHP unserialize() cuando se usa CAPTCH... • https://wpscan.com/vulnerability/e8bb79db-ef77-43be-b449-4c4b5310eedf • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24517 – Stop Spammers Security < 2021.18 - Authenticated Stored XSS
https://notcve.org/view.php?id=CVE-2021-24517
09 Aug 2021 — The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2021.18 does not escape some of its settings, allowing high privilege users such as admin to set Cross-Site Scripting payloads in them even when the unfiltered_html capability is disallowed El plugin Stop Spammers Security | Block Spam Users, Comments, Forms WordPress versiones anteriores a 2021.18, no escapa de algunos de sus ajustes, permitiendo a usuarios con altos privilegios como el administrador establecer ataques d... • https://wpscan.com/vulnerability/f440edd8-94fe-440a-8a5b-e3d24dcfcbc1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 3CVE-2021-24245 – Stop Spammers < 2021.9 - Reflected Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24245
08 Apr 2021 — The Stop Spammers WordPress plugin before 2021.9 did not escape user input when blocking requests (such as matching a spam word), outputting it in an attribute after sanitising it to remove HTML tags, which is not sufficient and lead to a reflected Cross-Site Scripting issue. El plugin Stop Spammers WordPress versiones anteriores a 2021.9, no escapó de la entrada del usuario al bloquear peticiones (como hacer coincidir una palabra de spam), emitiéndolo en un atributo después de sanearlo para eliminar etique... • https://www.exploit-db.com/exploits/49880 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •