
CVSS: 7.8 | EPSS: 4% | CPEs: 1 | EXPL: 1

01 Aug 2022 — The Ninja Job Board WordPress plugin before 1.3.3 does not protect the directory where it stores uploaded resumes, making it vulnerable to unauthenticated Directory Listing which allows the download of uploaded resumes. The Ninja Job Board plugin for WordPress i... • https://plugins.trac.wordpress.org/changeset/2758420/ninja-job-board/trunk/includes/Classes/File/FileHandler.php?old=2126467&old_path=ninja-job-board%2Ftrunk%2Fincludes%2FClasses%2FFile%2FFileHandler.php • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-425: Direct Request ('Forced Browsing')

CVSS: 4.8 | EPSS: 0% | CPEs: 1 | EXPL: 2

25 Oct 2021 — The Ninja Tables WordPress plugin before 4.1.8 does not sanitise and escape some of its table fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. • https://packetstormsecurity.com/files/164632 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

29 Jul 2021 — The FluentSMTP WordPress plugin before 2.0.1 does not sanitize parameters before storing the settings in the database, nor does the plugin escape the values before outputting them when viewing the SMTP settings set by this plugin, leading to a stored cross-site scripting (XSS) vulnerability. Only users with roles capable of managing plugins can modify the plugin's settings. • https://wpscan.com/vulnerability/8b8d316b-96b2-4cdc-9da5-c9ea6108a85b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')