CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28421 – WordPress WordPress Email Marketing Plugin – WP Email Capture Plugin <= 3.10 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-28421
15 Mar 2023 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Winwar Media WordPress Email Marketing Plugin – WP Email Capture.This issue affects WordPress Email Marketing Plugin – WP Email Capture: from n/a through 3.10. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Winwar Media WordPress Email Marketing Plugin – WP Email Capture. Este problema afecta a WordPress Email Marketing Plugin – WP Email Capture: desde n/a hasta 3.10. The WordPress Email Market... • https://patchstack.com/database/vulnerability/wp-email-capture/wordpress-wp-email-capture-plugin-3-10-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24005 – WordPress Inline Tweet Sharer – Twitter Sharing Plugin Plugin <= 2.5.3 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-24005
15 Feb 2023 — Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winwar Media Inline Tweet Sharer – Twitter Sharing Plugin plugin <= 2.5.3 versions. The Inline Tweet Sharer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin setting options parameters (such as 'inline-tweet-sharer-default', 'inline-tweet-sharer-dprefix', 'inline-tweet-sharer-dsuffix' and 'inline-tweet-sharer-extraclass') in versions up to, and including, 2.5.3 due to insufficient input sanitization and output escap... • https://patchstack.com/database/vulnerability/inline-tweet-sharer/wordpress-inline-tweet-sharer-twitter-sharing-plugin-plugin-2-5-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23724 – WordPress WordPress Email Marketing Plugin – WP Email Capture Plugin <= 3.9.3 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-23724
15 Feb 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Winwar Media WP Email Capture plugin <= 3.9.3 versions. The WordPress Email Marketing Plugin – WP Email Capture plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.9.3. This is due to missing nonce validation in the wp_email_capture_options_process() function. This makes it possible for unauthenticated attackers to modify email captures, via a forged request granted they can trick a site administrator into pe... • https://patchstack.com/database/vulnerability/wp-email-capture/wordpress-wordpress-email-marketing-plugin-wp-email-capture-plugin-3-9-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23723 – WordPress WordPress Email Marketing Plugin – WP Email Capture Plugin <= 3.9.3 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-23723
30 Jan 2023 — Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winwar Media WP Email Capture plugin <= 3.9.3 versions. The WP Email Capture plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses... • https://patchstack.com/database/vulnerability/wp-email-capture/wordpress-wordpress-email-marketing-plugin-wp-email-capture-plugin-3-9-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23728 – WordPress WP Flipclock Plugin <= 1.7.4 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-23728
20 Jan 2023 — Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Winwar Media WP Flipclock plugin <= 1.7.4 versions. The WP Flipclock plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the flipclock display settings in versions up to, and including,1.7.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will exe... • https://patchstack.com/database/vulnerability/wp-flipclock/wordpress-wp-flipclock-plugin-1-7-4-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23722 – WordPress WP eBay Product Feeds Plugin <= 3.3.1 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-23722
19 Jan 2023 — Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winwar Media WP eBay Product Feeds plugin <= 3.3.1 versions. The WP eBay Product Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 3.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenev... • https://patchstack.com/database/vulnerability/ebay-feeds-for-wordpress/wordpress-wp-ebay-product-feeds-plugin-3-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2014-4525 – WP eBay Product Feeds < 1.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-4525
25 Apr 2014 — Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slashbox.php in the Ebay Feeds for WordPress plugin 1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the rss_url parameter. Una vulnerabilidad de tipo cross-site scripting (XSS) en el archivo magpie/scripts/magpie_slashbox.php en el plugin Ebay Feeds for WordPress versión 1.1 y anteriores para WordPress, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del parámetro rs... • http://codevigilant.com/disclosure/wp-plugin-ebay-feeds-for-wordpress-a3-cross-site-scripting-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •