Page 2 of 9 results (0.010 seconds)

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.30.1 versions. The Leyka plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'stage' parameter in versions up to, and including, 3.30.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/leyka/wordpress-leyka-plugin-3-29-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Improper Privilege Management vulnerability in Teplitsa of social technologies Leyka allows Privilege Escalation.This issue affects Leyka: from n/a through 3.30.2. La vulnerabilidad de gestión de privilegios inadecuada en Teplitsa de las tecnologías sociales de Leyka permite la escalada de privilegios. Este problema afecta a Leyka: desde n/a hasta 3.30.2. The Leyka plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 3.30.2. This allows donors users to gain administrator access by setting the passwords for an administrator account when initially setting their password. • https://patchstack.com/database/vulnerability/leyka/wordpress-leyka-plugin-3-29-2-privilege-escalation-vulnerability?_s_id=cve • CWE-269: Improper Privilege Management CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.29.2 versions. The Leyka plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.29.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/leyka/wordpress-leyka-plugin-3-29-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Cross-Site Request Forgery (CSRF) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.29.2 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Teplitsa of social technologies Leyka en versiones &lt;=3.29.2. The Leyka plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.29.2. This makes it possible for unauthenticated attackers to perform an unknown action granted they can trick a site administrator into performing an action such as clicking on a link. The impact of this vulnerability is unknown. • https://patchstack.com/database/vulnerability/leyka/wordpress-leyka-plugin-3-29-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •