CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23989 – WordPress RegistrationMagic plugin <= 5.1.9.2 - Content Injection
https://notcve.org/view.php?id=CVE-2023-23989
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss RegistrationMagic.This issue affects RegistrationMagic: from n/a through 5.1.9.2. Neutralización inadecuada de la entrada durante la vulnerabilidad de generación de páginas web ('Cross-site Scripting') en Metagauss RegistrationMagic. Este problema afecta a RegistrationMagic: desde n/a hasta 5.1.9.2. The RegistrationMagic plugin for WordPress is vulnerable to content injection in versions up to, and including, 5.1.9.2. This is due to insufficient authorization checks. • https://patchstack.com/database/vulnerability/custom-registration-form-builder-with-submission-manager/wordpress-registrationmagic-custom-registration-forms-user-registration-and-user-login-plugin-plugin-5-1-9-2-content-injection?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23976 – WordPress RegistrationMagic plugin <= 5.1.9.2 - Arbitrary Price Change
https://notcve.org/view.php?id=CVE-2023-23976
Incorrect Default Permissions vulnerability in Metagauss RegistrationMagic allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects RegistrationMagic: from n/a through 5.1.9.2. La vulnerabilidad de permisos predeterminados incorrectos en Metagauss RegistrationMagic permite acceder a una funcionalidad que no está correctamente restringida por las ACL. Este problema afecta a RegistrationMagic: desde n/a hasta 5.1.9.2. The RegistrationMagic plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 5.1.9.2. This makes it possible for unauthenticated attackers to alter the price of registrations. • https://patchstack.com/database/vulnerability/custom-registration-form-builder-with-submission-manager/wordpress-registrationmagic-custom-registration-forms-user-registration-and-user-login-plugin-plugin-5-1-9-2-arbitrary-price-change?_s_id=cve • CWE-276: Incorrect Default Permissions CWE-285: Improper Authorization •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-10049 – Overdrive Eletrônica course-builder oeditor.html cross site scripting
https://notcve.org/view.php?id=CVE-2015-10049
A vulnerability was found in Overdrive Eletrônica course-builder up to 1.7.x and classified as problematic. Affected by this issue is some unknown functionality of the file coursebuilder/modules/oeditor/oeditor.html. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.8.0 is able to address this issue. • https://github.com/overdrive-diy/course-builder/commit/e39645fd714adb7e549908780235911ae282b21b https://github.com/overdrive-diy/course-builder/releases/tag/V1.8.0 https://vuldb.com/?ctiid.218372 https://vuldb.com/?id.218372 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2012-10005 – manikandan170890 php-form-builder-class Textarea Textarea.php cross site scripting
https://notcve.org/view.php?id=CVE-2012-10005
A vulnerability has been found in manikandan170890 php-form-builder-class and classified as problematic. Affected by this vulnerability is an unknown functionality of the file PFBC/Element/Textarea.php of the component Textarea Handler. The manipulation of the argument value leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://code.google.com/archive/p/php-form-builder-class/issues/184 https://github.com/manikandan170890/php-form-builder-class/commit/74897993818d826595fd5857038e6703456a594a https://vuldb.com/?ctiid.218155 https://vuldb.com/?id.218155 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4392 – iPanorama 360 WordPress Virtual Tour Builder <= 1.6.29 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2022-4392
The iPanorama 360 WordPress Virtual Tour Builder plugin through 1.6.29 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. The iPanorama 360 WordPress Virtual Tour Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 1.6.29 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://wpscan.com/vulnerability/c298e3dc-09a7-40bb-a361-f49af4bce77e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •