CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5210 – AMP+ Plus <= 3.0 - Reflected Cross Site Scripting
https://notcve.org/view.php?id=CVE-2023-5210
13 Nov 2023 — The AMP+ Plus WordPress plugin through 3.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin El complemento AMP+ Plus de WordPress hasta la versión 3.0 no sanitiza ni escapa un parámetro antes de devolverlo a la página, lo que genera Cross-Site Scripting Reflejado que podría usarse contra usuarios con altos privilegios, como el administrador. The AMP+ Plus plugin for WordP... • https://wpscan.com/vulnerability/1c3ff47a-12a5-49c1-a166-2c57e5c0d0aa • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-34735
https://notcve.org/view.php?id=CVE-2023-34735
29 Jun 2023 — Property Cloud Platform Management Center 1.0 is vulnerable to error-based SQL injection. • https://github.com/prismbreak/vulnerabilities/issues/4 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0421 – Cloud Manager <= 1.0 - Reflected XSS
https://notcve.org/view.php?id=CVE-2023-0421
12 Apr 2023 — The Cloud Manager WordPress plugin through 1.0 does not sanitise and escape the query param ricerca before outputting it in an admin panel, allowing unauthenticated attackers to trick a logged in admin to trigger a XSS payload by clicking a link. The Cloud Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘ricerca’ parameter in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers... • https://wpscan.com/vulnerability/a356fea0-f143-4736-b2b2-c545c525335c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28995 – WordPress Configurable Tag Cloud Plugin <= 5.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-28995
30 Mar 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Keith Solomon Configurable Tag Cloud (CTC) plugin <= 5.2 versions. The Configurable Tag Cloud plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.2. This is due to missing nonce validation on the ctc_options_page() function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as cli... • https://patchstack.com/database/vulnerability/configurable-tag-cloud-widget/wordpress-configurable-tag-cloud-plugin-5-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28166 – WordPress Tags Cloud Manager Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-28166
14 Mar 2023 — Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Aakif Kadiwala Tags Cloud Manager plugin <= 1.0.0 versions. The Tags Cloud Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, if they can successfully trick a user into ... • https://patchstack.com/database/vulnerability/tags-cloud-manager/wordpress-tags-cloud-manager-plugin-1-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43462 – WordPress IP Blacklist Cloud Plugin <= 5.00 is vulnerable to SQL Injection (SQLi) vulnerability
https://notcve.org/view.php?id=CVE-2022-43462
24 Oct 2022 — Auth. SQL Injection (SQLi) vulnerability in Adeel Ahmed's IP Blacklist Cloud plugin <= 5.00 versions. Vulnerabilidad de inyección SQL (SQLi) autenticada en el complemento IP Blacklist Cloud de Adeel Ahmed <= versiones 5.00. The IP Blacklist Cloud plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.00 due to insufficient escaping on a user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers,... • https://patchstack.com/database/vulnerability/ip-blacklist-cloud/wordpress-ip-blacklist-cloud-plugin-5-00-auth-sql-injection-sqli-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42462 – WordPress IP Blacklist Cloud Plugin <= 5.00 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2022-42462
24 Oct 2022 — Auth. Stored Cross-Site Scripting (XSS) vulnerability in Adeel Ahmed's IP Blacklist Cloud plugin <= 5.00 versions. Vulnerabilidad de Cross-Site Scripting (XSS) autenticada almacenada en el complemento IP Blacklist Cloud de Adeel Ahmed <= versiones 5.00. The IP Blacklist Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.00 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administra... • https://patchstack.com/database/vulnerability/ip-blacklist-cloud/wordpress-ip-blacklist-cloud-plugin-5-00-auth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36417 – WordPress 3D Tag Cloud plugin <= 3.8 - Multiple Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2022-36417
22 Sep 2022 — Multiple Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in 3D Tag Cloud plugin <= 3.8 at WordPress. Una vulnerabilidad múltiple de tipo Cross-Site Scripting (XSS) por medio de un ataque de tipo Cross-Site Request Forgery (CSRF) en el plugin 3D Tag Cloud versiones anteriores a 3.8 incluyéndola en WordPress. The 3D Tag Cloud plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.8. This is due to missing or incorrect nonce va... • https://patchstack.com/database/vulnerability/cardoza-3d-tag-cloud/wordpress-3d-tag-cloud-plugin-3-8-multiple-stored-cross-site-scripting-xss-via-cross-site-request-forgery-csrf-vulnerability/_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2664 – Private Cloud Management Platform POST Request global_config_query improper authentication
https://notcve.org/view.php?id=CVE-2022-2664
05 Aug 2022 — A vulnerability classified as critical has been found in Private Cloud Management Platform. Affected is an unknown function of the file /management/api/rcx_management/global_config_query of the component POST Request Handler. The manipulation leads to improper authentication. It is possible to launch the attack remotely. VDB-205614 is the identifier assigned to this vulnerability. • https://vuldb.com/?id.205614 • CWE-287: Improper Authentication •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2412 – Better Tag Cloud <= 0.99.5 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-2412
18 Jul 2022 — The Better Tag Cloud WordPress plugin through 0.99.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) El plugin Better Tag Cloud de WordPress versiones hasta 0.99.5, no sanea y escapa de algunos de sus ajustes, lo que podría permitir a usuarios con altos privilegios, como el administrador, llevar a cabo ataques de tipo Cross-... • https://wpscan.com/vulnerability/fc384cea-ae44-473c-8aa9-a84a2821bdc6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •