CVE-2019-15328 – Import and export users and customers <= 1.14.0.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-15328
The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS.
• https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2050450
• https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-20101 – Import users from CSV with meta <= 1.12 - Import Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-20101
The codection "Import users from CSV with meta" plugin before 1.12.1 for WordPress allows XSS via the value of a cell.
• https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers
• https://wpvulndb.com/vulnerabilities/9176
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-8875 – Clean Login <= 1.10.3 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2017-8875
CSRF in the Clean Login plugin before 1.8 for WordPress allows remote attackers to change the login redirect URL or logout redirect URL. The Clean Login plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.10.3. This is due to missing or incorrect nonce validation on the clean_login_options() function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
• http://seclists.org/fulldisclosure/2017/May/23
• https://wordpress.org/plugins/clean-login/#developers
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2015-9336 – Clean Login <= 1.5 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9336
The clean-login plugin before 1.5.1 for WordPress has reflected XSS. The Clean Login plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.5 due to insufficient input sanitization and output escaping on the 'pass' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
• https://wordpress.org/plugins/clean-login/#developers
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')