CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 2CVE-2022-1692 – CP Image Store with Slideshow < 1.0.68 - Unauthenticated SQLi
https://notcve.org/view.php?id=CVE-2022-1692
09 May 2022 — The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the ordering_by query parameter before using it in a SQL statement in pages where the [codepeople-image-store] is embed, allowing unauthenticated users to perform an SQL injection attack El plugin CP Image Store with Slideshow de WordPress versiones anteriores a 1.0.68, no sanea ni escapa del parámetro de consulta ordering_by antes de usarlo en una sentencia SQL en las páginas en las que el [codepeople-image-store]... • https://bulletin.iese.de/post/cp-image-store_1-0-67 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.4EPSS: 6%CPEs: 1EXPL: 3CVE-2022-0448 – CP Blocks < 1.0.15 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-0448
02 Feb 2022 — The CP Blocks WordPress plugin before 1.0.15 does not sanitise and escape its "License ID" settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. El plugin CP Blocks de WordPress versiones anteriores a 1.0.15, no sanea ni escapa de su configuración "License ID", lo que podría permitir a usuarios con altos privilegios llevar a cabo ataques de tipo Cross-Site Scripting incluso cuando el unfiltered_html no está autorizado The CP Blo... • https://packetstorm.news/files/id/165887 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24712 – Appointment Hour Booking – WordPress Booking Plugin < 1.3.17 - Authenticated Stored XSS
https://notcve.org/view.php?id=CVE-2021-24712
10 Sep 2021 — The Appointment Hour Booking WordPress plugin before 1.3.17 does not properly sanitize values used when creating new calendars. El plugin Appointment Hour Booking de WordPress versiones anteriores a 1.3.17, no sanea correctamente los valores usados cuando se crean nuevos calendarios • https://wpscan.com/vulnerability/e677e51b-0d3f-44a5-9fcd-c159786b9926 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24673 – Appointment Hour Booking < 1.3.16 - Authenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24673
06 Sep 2021 — The Appointment Hour Booking WordPress plugin before 1.3.16 does not escape some of the Calendar Form settings, allowing high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. El plugin Appointment Hour Booking de WordPress versiones anteriores a 1.3.16, no escapa a algunos de los ajustes del formulario del calendario, que permite a usuarios con privilegios elevados llevar a cabo ataques de tipo Cross-Site Scripting Almacenado incluso cuan... • https://wpscan.com/vulnerability/75a67932-d831-4dfb-a70d-a07650eaa755 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 25%CPEs: 1EXPL: 1CVE-2021-24498 – Calendar Event Multi View < 1.4.01 - Unauthenticated Reflected Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24498
05 Jul 2021 — The Calendar Event Multi View WordPress plugin before 1.4.01 does not sanitise or escape the 'start' and 'end' GET parameters before outputting them in the page (via php/edit.php), leading to a reflected Cross-Site Scripting issue. El plugin de WordPress Calendar Event Multi View versiones anteriores a 1.4.01, no sanea o escapa de los parámetros GET "start" y "end" antes de mostrarlos en la página (por medio de el archivo php/edit.php), conllevando a un problema de tipo Cross-Site Scripting reflejado The Ca... • https://wpscan.com/vulnerability/3c5a5187-42b3-4f88-9b0e-4fdfa1c39e86 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-13505 – Appointment Hour Booking – WordPress Booking Plugin <= 1.1.45 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-13505
09 Jul 2019 — The Appointment Hour Booking plugin 1.1.44 for WordPress allows XSS via the E-mail field, as demonstrated by email_1. El plugin Appointment Hour Booking versión 1.1.44 para WordPress, permite una vulnerabilidad de tipo XSS por medio del campo E-mail, como es demostrado por email_1. • https://github.com/ivoschyk-cs/CVE-s/blob/master/Appointment%20Hour%20Booking%20%E2%80%93%20WordPress%20Booking%20Plugin%20--%20stored%20XSS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18579 – Corner Ad < 1.0.8 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18579
16 Feb 2017 — The corner-ad plugin before 1.0.8 for WordPress has XSS. El complemento de anuncios de esquina en versiones anterior a 1.0.8 para WordPress tiene XSS. • https://wordpress.org/plugins/corner-ad/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •