CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-3237 – WP Contact Slider < 2.4.8 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-3237
10 Oct 2022 — The WP Contact Slider WordPress plugin before 2.4.8 does not sanitize and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. El complemento de WordPress WP Contact Slider anterior a 2.4.8 no sanitiza y escapa de su configuración, lo que permite a usuarios con altos privilegios, como el administrador, realizar ataques de Cross-Site Scripting incluso cuando la capacidad unfiltered_html no está permiti... • https://wpscan.com/vulnerability/cd2fd6cd-a839-4de8-af28-b5134873c40e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1301 – WP Contact Slider < 2.4.7 - Editor+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-1301
13 Jun 2022 — The WP Contact Slider WordPress plugin before 2.4.7 does not sanitize and escape the Text to Display settings of sliders, which could allow high privileged users such as editor and above to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed El plugin WP Contact Slider de WordPress versiones anteriores a 2.4.7, no sanea ni escapa de los parámetros de Texto a Mostrar de los sliders, lo que podría permitir a usuarios con altos privilegios, como el editor y superiores, llevar a cab... • https://wpscan.com/vulnerability/69b75983-1010-453e-bf67-27b4a2a327a8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 425EXPL: 0CVE-2022-4974 – Freemius SDK <= 2.4.2 - Missing Authorization Checks
https://notcve.org/view.php?id=CVE-2022-4974
04 Mar 2022 — The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. • https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=cve • CWE-862: Missing Authorization •