CVE-2023-23899 – WordPress Extensions For CF7 Plugin <= 2.0.8 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-23899
20 Jan 2023 — Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Extensions For CF7 plugin <= 2.0.8 versions leads to arbitrary plugin activation. The Extensions For CF7 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.8. This is due to missing or incorrect nonce validation on the mailchimp_map function. This makes it possible for unauthenticated attackers to update some plugin options via a forged request, granted they can trick a site administrator into perf... • https://patchstack.com/database/vulnerability/extensions-for-cf7/wordpress-extensions-for-cf7-contact-form-7-database-conditional-fields-and-redirection-plugin-2-0-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-4650 – HashBar – WordPress Notification Bar < 1.3.6 - Contributor+ Stored XSS via Shortcode
https://notcve.org/view.php?id=CVE-2022-4650
27 Dec 2022 — The HashBar WordPress plugin before 1.3.6 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform a Stored Cross-Site Scripting attack. The HashBar – WordPress Notification Bar plugin for WordPress ... • https://wpscan.com/vulnerability/b430fdaa-191a-429e-b6d2-479b32bb1075 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-24262 – WooLentor - WooCommerce Elementor Addons + Builder < 1.8.6 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2021-24262
13 Apr 2021 — The “WooLentor – WooCommerce Elementor Addons + Builder” WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. ... • https://wpscan.com/vulnerability/d6d16357-2bc3-4053-8274-d0275026e56b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-24261 – HT Mega - Absolute Addons for Elementor Page Builder < 1.5.7 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2021-24261
13 Apr 2021 — The “HT Mega – Absolute Addons for Elementor Page Builder” WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. ... • https://wpscan.com/vulnerability/0377705d-29e9-47db-a5bb-8acaf311a38f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •