CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49274 – WordPress VOD Infomaniak plugin <= 1.5.7 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-49274
14 Oct 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Infomaniak Staff VOD Infomaniak allows Cross Site Request Forgery.This issue affects VOD Infomaniak: from n/a through 1.5.7. The VOD Infomaniak plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.7. This is due to missing or incorrect nonce validation on the vod_admin_menu() function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can t... • https://patchstack.com/database/vulnerability/vod-infomaniak/wordpress-vod-infomaniak-plugin-1-5-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33571 – WordPress VOD Infomaniak plugin <= 1.5.6 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-33571
25 Apr 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infomaniak Staff VOD Infomaniak allows Reflected XSS.This issue affects VOD Infomaniak: from n/a through 1.5.6. Vulnerabilidad de neutralización incorrecta de entradas durante la generación de páginas web ('Cross-site Scripting') en Infomaniak Staff VOD Infomaniak permite Reflected XSS. Este problema afecta a VOD Infomaniak: desde n/a hasta 1.5.6. The VOD Infomaniak plugin for WordPress is vulnerable to Ref... • https://patchstack.com/database/vulnerability/vod-infomaniak/wordpress-vod-infomaniak-plugin-1-5-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •