CVE-2023-28497 – WordPress Slideshow Gallery Plugin <= 1.7.6 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-28497
Cross-Site Request Forgery (CSRF) vulnerability in the Tribulant Slideshow Gallery LITE plugin, versions <= 1.7.6. The Slideshow Gallery LITE plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.6. This is due to missing or incorrect nonce validation on the admin_slides function. This makes it possible for unauthenticated attackers to delete slides via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
References: https://patchstack.com/database/vulnerability/slideshow-gallery/wordpress-slideshow-gallery-lite-plugin-1-7-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Weakness: CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2021-24882 – Slideshow Gallery < 1.7.4 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24882
The Slideshow Gallery WordPress plugin before 1.7.4 does not sanitise and escape the Slide "Title", "Description", and Gallery "Title" fields, which could allow high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
References: https://wpscan.com/vulnerability/6d71816c-8267-4b84-9087-191fbb976e72
Weakness: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-35932 – Newsletter <= 6.8.1 - Authenticated PHP Object Injection
https://notcve.org/view.php?id=CVE-2020-35932
Insecure Deserialization in the Newsletter plugin before 6.8.2 for WordPress allows authenticated remote attackers with minimal privileges (such as subscribers) to use the tpnc_render AJAX action to inject arbitrary PHP objects via the options[inline_edits] parameter. NOTE: exploitability depends on PHP objects (gadget classes) that might be present with certain other plugins or themes.
References: https://www.wordfence.com/blog/2020/08/newsletter-plugin-vulnerabilities-affect-over-300000-sites
Weakness: CWE-502: Deserialization of Untrusted Data
CVE-2019-15828 – One Click SSL <= 1.4.6 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2019-15828
The one-click-ssl plugin before 1.4.7 for WordPress has a CSRF vulnerability.
References: https://wordpress.org/plugins/one-click-ssl/#developers ; https://wpvulndb.com/vulnerabilities/9448
Weakness: CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2019-14787 – Newsletters <= 4.6.18 - Cross-Site Scripting via contentarea Parameter
https://notcve.org/view.php?id=CVE-2019-14787
The Tribulant Newsletters plugin before 4.6.19 for WordPress allows reflected XSS via the contentarea parameter of wp-admin/admin-ajax.php?action=newsletters_load_new_editor.
References: https://wordpress.org/plugins/newsletters-lite/#developers ; https://wpvulndb.com/vulnerabilities/9447 ; https://www.pluginvulnerabilities.com/2019/07/01/reflected-cross-site-scripting-xss-vulnerability-in-newsletters
Weakness: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')