
CVE-2024-32442 – WordPress Zoho Campaigns plugin <= 2.0.7 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-32442
12 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Zoho Campaigns. This issue affects Zoho Campaigns: from n/a through 2.0.7. The Zoho Campaigns plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the zcwc_integration_disconnect() function. • https://patchstack.com/database/vulnerability/zoho-campaigns/wordpress-zoho-campaigns-plugin-2-0-7-cross-site-request-forgery-csrf-vulnerability-2?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2024-30239 – WordPress Zoho Campaigns plugin <= 2.0.6 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-30239
26 Mar 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zoho Campaigns. This issue affects Zoho Campaigns: from n/a through 2.0.6. The Zoho Campaigns plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.0.6 due to insufficient esca... • https://patchstack.com/database/vulnerability/zoho-campaigns/wordpress-zoho-campaigns-plugin-2-0-6-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2021-42956
https://notcve.org/view.php?id=CVE-2021-42956
17 Nov 2021 — Zoho Remote Access Plus Server Windows Desktop Binary fixed in 10.1.2132.6 is affected by a sensitive information disclosure vulnerability. Due to improper privilege management, the process launches as the logged-in user, so a memory dump can also be taken by a non-admin user. Remotely, an attacker can dump all sensitive information including DB Connection string, entire IT infrastructure details, commands executed by IT admin including credentials, secrets, private keys and more. Zoho Remote Access Plus Server Windo... • https://medium.com/nestedif/vulnerability-disclosure-sensitive-info-leakage-agent-memory-dump-zoho-r-a-p-3d5ebc8928af • CWE-269: Improper Privilege Management

CVE-2019-19306 – Zoho CRM Lead Magnet <= 1.6.9.1 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-19306
15 Oct 2019 — The Zoho CRM Lead Magnet plugin 1.6.9.1 for WordPress allows XSS via module, EditShortcode, or LayoutName. • https://cybersecurityworks.com/zerodays/cve-2019-19306-zoho.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2019-15644 – Zoho SalesIQ <= 1.0.8 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-15644
31 May 2019 — The zoho-salesiq plugin before 1.0.9 for WordPress has stored XSS. • https://wordpress.org/plugins/zoho-salesiq/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2019-15645 – Zoho SalesIQ <= 1.0.8 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2019-15645
31 May 2019 — The zoho-salesiq plugin before 1.0.9 for WordPress has CSRF. • https://wordpress.org/plugins/zoho-salesiq/#developers • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2019-5962 – Zoho SalesIQ <= 1.0.8 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-5962
31 May 2019 — Cross-site scripting vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • https://jvn.jp/en/jp/JVN88962935/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2019-5963 – Zoho SalesIQ <= 1.0.8 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2019-5963
31 May 2019 — Cross-site request forgery (CSRF) vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. • https://jvn.jp/en/jp/JVN88962935/index.html • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2014-6686
https://notcve.org/view.php?id=CVE-2014-6686
23 Sep 2014 — The Zoho Books - Accounting App (aka com.zoho.books) application 3.1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. • http://www.kb.cert.org/vuls/id/582497 • CWE-310: Cryptographic Issues