
CVE-2024-2950 – BoldGrid Easy SEO – Simple and Effective SEO <= 1.6.14 - Information Exposure
https://notcve.org/view.php?id=CVE-2024-2950
05 Apr 2024 — The BoldGrid Easy SEO – Simple and Effective SEO plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.6.14 via meta information (og:description). This makes it possible for unauthenticated attackers to view the first 130 characters of a password protected post which can contain sensitive information. • https://plugins.trac.wordpress.org/browser/boldgrid-easy-seo/tags/1.6.15/includes/class-boldgrid-seo-admin.php?rev=3064911 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2024-1692 – BoldGrid Easy SEO – Simple and Effective SEO <= 1.6.13 - Authenticated(Contributor+) Stored Cross-Site Scripting via Meta Description
https://notcve.org/view.php?id=CVE-2024-1692
29 Mar 2024 — The BoldGrid Easy SEO – Simple and Effective SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the meta description field in all versions up to, and including, 1.6.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3054618%40boldgrid-easy-seo&new=3054618%40boldgrid-easy-seo&sfp_email=&sfph_mail= • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-0386 – weForms <= 1.6.21 - Unauthenticated Stored Cross-Site Scripting via Referer
https://notcve.org/view.php?id=CVE-2024-0386
12 Mar 2024 — The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Referer' HTTP header in all versions up to, and including, 1.6.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3047406%40weforms&new=3047406%40weforms&sfp_email=&sfph_mail= • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-24869 – WordPress Total Upkeep plugin <= 1.15.8 - Arbitrary File Download vulnerability
https://notcve.org/view.php?id=CVE-2024-24869
02 Feb 2024 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BoldGrid Total Upkeep allows Relative Path Traversal. This issue affects Total Upkeep: from n/a through 1.15.8. The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by Bo... • https://patchstack.com/database/vulnerability/boldgrid-backup/wordpress-total-upkeep-plugin-1-15-8-arbitrary-file-download-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-285: Improper Authorization •

CVE-2023-25480 – WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Plugin <= 1.24.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-25480
22 Aug 2023 — Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin <= 1.24.1 versions. The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.24.1. This is due to missi... • https://patchstack.com/database/vulnerability/post-and-page-builder/wordpress-post-and-page-builder-by-boldgrid-plugin-1-24-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2022-4932 – Total Upkeep <= 1.14.13 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure
https://notcve.org/view.php?id=CVE-2022-4932
24 Feb 2022 — The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and including 1.14.13. This is due to missing authorization on the heartbeat_received() function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with subscriber-level permissions and above to retrieve back-up paths that can subsequently be used to download the back-up. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2684462%40boldgrid-backup&new=2684462%40boldgrid-backup&sfp_email=&sfph_mail= • CWE-862: Missing Authorization •

CVE-2021-24452 – W3 Total Cache < 2.1.5 - Reflected XSS in Extensions Page (JS Context)
https://notcve.org/view.php?id=CVE-2021-24452
28 Jun 2021 — The W3 Total Cache WordPress plugin before 2.1.5 was affected by a reflected Cross-Site Scripting (XSS) issue within the "extension" parameter in the Extensions dashboard, when the 'Anonymously track usage to improve product quality' setting is enabled, as the parameter is output in a JavaScript context without proper escaping. This could allow an attacker, who can convince an authenticated admin into clicking a link, to run malicious JavaScript within the user's web browser, which could lead to full site c... • https://wpscan.com/vulnerability/3e855e09-056f-45b5-89a9-d644b7d8c9d0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2021-24436 – W3 Total Cache < 2.1.4 - Reflected XSS in Extensions Page (Attribute Context)
https://notcve.org/view.php?id=CVE-2021-24436
28 Jun 2021 — The W3 Total Cache WordPress plugin before 2.1.4 was vulnerable to a reflected Cross-Site Scripting (XSS) security vulnerability within the "extension" parameter in the Extensions dashboard, which is output in an attribute without being escaped first. This could allow an attacker, who can convince an authenticated admin into clicking a link, to run malicious JavaScript within the user's web browser, which could lead to full site compromise. • https://wpscan.com/vulnerability/05988ebb-7378-4a3a-9d2d-30f8f58fe9ef • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2021-24427 – W3 Total Cache < 2.1.3 - Authenticated Stored XSS
https://notcve.org/view.php?id=CVE-2021-24427
16 Jun 2021 — The W3 Total Cache WordPress plugin before 2.1.3 did not sanitise or escape some of its CDN settings, allowing high privilege users to use JavaScript in them, which will be output in the page, leading to an authenticated Stored Cross-Site Scripting issue. • https://m0ze.ru/vulnerability/%5B2021-04-25%5D-%5BWordPress%5D-%5BCWE-79%5D-W3-Total-Cache-WordPress-Plugin-v2.1.2.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2020-36848 – Total Upkeep by BoldGrid <= 1.14.9 - Unauthenticated Backup Download
https://notcve.org/view.php?id=CVE-2020-36848
14 Dec 2020 — The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.14.9 via the env-info.php and restore-info.json files. This makes it possible for unauthenticated attackers to find the location of back-up files and subsequently download them. • https://plugins.trac.wordpress.org/changeset/2439376/boldgrid-backup • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •