CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22143 – WordPress WP Spell Check Plugin <= 9.17 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2024-22143
12 Jan 2024 — Cross-Site Request Forgery (CSRF) vulnerability in WP Spell Check.This issue affects WP Spell Check: from n/a through 9.17. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en WP Spell Check. Este problema afecta a WP Spell Check: desde n/a hasta 9.17. The WP Spell Check plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.17. This is due to missing or incorrect nonce validation on the wpscx_admin_empty_render() function. • https://patchstack.com/database/vulnerability/wp-spell-check/wordpress-wp-spell-check-plugin-9-17-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2658 – WP Spell Check < 9.13 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-2658
23 Dec 2022 — The WP Spell Check WordPress plugin before 9.13 does not escape ignored words, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) El complemento WP Spell Check de WordPress anterior a 9.13 no escapa las palabras ignoradas, lo que podría permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de cross site scripting almacenado incluso cuando la... • https://wpscan.com/vulnerability/e72fa040-3ca5-4570-9a3c-c704574b1ca3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-6027 – WP Spell Check <= 7.1.9 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2019-6027
26 Nov 2019 — Cross-site request forgery (CSRF) vulnerability in WP Spell Check 7.1.9 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en WP Spell Check versión 7.1.9 y anteriores, permite a atacantes remotos secuestrar la autenticación de administradores por medio de vectores no especificados. • http://jvn.jp/en/jp/JVN26838191/index.html • CWE-352: Cross-Site Request Forgery (CSRF) •