NotCVE - vendor:"Kibokolabs"

Page 4 of 51 results (0.007 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2022-4220 – Chained Quiz <= 1.3.2.4 - Cross-Site Request Forgery to Question Deletion

https://notcve.org/view.php?id=CVE-2022-4220

02 Dec 2022 — The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the list_questions() function. This makes it possible for unauthenticated attackers to delete questions from quizzes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. El complemento Chained Quiz para WordPress es vulnerable a la Cross-Site Request Forgery (CSRF) en versiones... • https://gist.github.com/Xib3rR4dAr/417a11bcb9b8da28cfe5ba1c17c44d0e • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-38358 – MoolaMojo <= 0.7.4.1 Reflected Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2021-38358

09 Sep 2021 — The MoolaMojo WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the classes parameter found in the ~/views/button-generator.html.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.4.1. El plugin MoolaMojo de WordPress, es vulnerable a un ataque de tipo Cross-Site Scripting Reflejado por medio del parámetro classes encontrado en el archivo ~/views/button-generator.html.php que permite a atacantes inyectar scripts web arbitrario, en versione... • https://plugins.trac.wordpress.org/browser/moolamojo/trunk/views/button-generator.html.php#L16 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2021-38317 – Konnichiwa! Membership <= 0.8.3 Reflected Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2021-38317

08 Sep 2021 — The Konnichiwa! Membership WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the plan_id parameter in the ~/views/subscriptions.html.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.8.3. El plugin Konnichiwa! Membership de WordPress, es vulnerable a un ataque de tipo Cross-Site Scripting Reflejado, por medio del parámetro plan_id en el archivo ~/views/subscriptions.html.php que permite a atacantes inyectar scripts web arbitrario, en versio... • https://plugins.trac.wordpress.org/browser/konnichiwa/trunk/views/subscriptions.html.php?rev=1625922#L7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2021-24690 – Chained Quiz < 1.2.7.2 - Authenticated Stored Cross Site Scripting

https://notcve.org/view.php?id=CVE-2021-24690

07 Sep 2021 — The Chained Quiz WordPress plugin before 1.2.7.2 does not properly sanitize or escape inputs in the plugin's settings. El plugin Chained Quiz de WordPress versiones anteriores a 1.2.7.2, no sanea o escapa correctamente de las entradas en la configuración del plugin • https://wpscan.com/vulnerability/b2f473b4-268c-48b7-95e8-0a8eeaa3fc28 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-7104 – Chained Quiz <= 1.1.8.1 - Reflected Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2020-7104

16 Jan 2020 — The chained-quiz plugin 1.1.8.1 for WordPress has reflected XSS via the wp-admin/admin-ajax.php total_questions parameter. El plugin chained-quiz versión 1.1.8.1 para WordPress, presenta una vulnerabilidad de tipo XSS reflejado por medio del parámetro total_questions del archivo wp-admin/admin-ajax.php. • https://wpvulndb.com/vulnerabilities/10029 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-12345 – Hostel <= 1.1.3 - Stored Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2019-12345

25 May 2019 — XSS exists in the Kiboko Hostel plugin before 1.1.4 for WordPress. Existe Cross-Site Scripting (XSS) en el plugin Kiboko Hostel en versiones anteriores a la 1.1.4 para WordPress. The Hostel Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'contact_name' and 'contact_phone' parameters in versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages t... • https://wordpress.org/plugins/hostel/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 1

CVE-2018-18461 – Arigato Autoresponder and Newsletter <= 2.7 - Arbitrary File Upload

https://notcve.org/view.php?id=CVE-2018-18461

17 Oct 2018 — The Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5.1.7 plugin for WordPress allows remote attackers to execute arbitrary code via PHP code in attachments[] data to models/attachment.php. El plugin Arigato Autoresponder and Newsletter (también conocido como bft-autoresponder) v2.5.1.7 para WordPress permite que atacantes remotos ejecuten código arbitrario mediante código PHP en los datos attachments[] en models/attachment.php. The Arigato Autoresponder and Newsletter (aka bft-autoresponder... • https://github.com/rakjong/vuln/blob/master/woedpress-Arigato%20Autoresponder_and_Newsletter-getshell.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2

CVE-2018-1002008 – Arigato Autoresponder and Newsletter <= 2.5.1.8 - Reflected Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2018-1002008

18 Sep 2018 — There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4: via GET request offset variable. Existe una vulnerabilidad Cross-Site Scripting (XSS) reflejado en WordPress Arigato Autoresponder y Newsletter v2.5.1.8. Esta vulnerabilidad requiere privilegios de administrador para que se explote. Existe una vulnerabilidad Cross-Site Scripting (XSS) en lis... • https://www.exploit-db.com/exploits/45434 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2

CVE-2018-1002007 – Arigato Autoresponder and Newsletter <= 2.5.1.8 - Reflected Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2018-1002007

18 Sep 2018 — There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:15: via POST request variable html_id. Existe una vulnerabilidad Cross-Site Scripting (XSS) reflejado en WordPress Arigato Autoresponder y Newsletter v2.5.1.8. Esta vulnerabilidad requiere privilegios de administrador para que se explote. Existe una vulnerabilidad Cross-Site Scri... • https://www.exploit-db.com/exploits/45434 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2

CVE-2018-1002004 – Arigato Autoresponder and Newsletter <= 2.5.1.8 - Reflected Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2018-1002004

18 Sep 2018 — There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. Existe una vulnerabilidad Cross-Site Scripting (XSS) reflejado en WordPress Arigato Autoresponder y Newsletter v2.5.1.8. Esta vulnerabilidad requiere privilegios de administrador para que se explote. • https://www.exploit-db.com/exploits/45434 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1 2 3 4 5