Page 5 of 42 results (0.006 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Stored XSS.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.2. Vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en realmag777 El filtro de metadatos y taxonomías de WordPress (MDTF) permite almacenar XSS. Este problema afecta al filtro de metadatos y taxonomías de WordPress (MDTF): desde n/a hasta 1.3.2. The WordPress Meta Data and Taxonomies Filter (MDTF) plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/wp-meta-data-filter-and-taxonomy-filter/wordpress-wordpress-meta-data-and-taxonomies-filter-mdtf-plugin-1-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Reflected XSS.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3. Vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) permite el XSS reflejado. Este problema afecta al filtro de metadatos y taxonomías de WordPress (MDTF): desde n/a hasta 1.3.3. The WordPress Meta Data and Taxonomies Filter (MDTF) plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/wp-meta-data-filter-and-taxonomy-filter/wordpress-mdtf-meta-data-and-taxonomies-filter-plugin-1-3-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Missing Authorization vulnerability in Codection Import and export users and customers.This issue affects Import and export users and customers: from n/a through 1.24.6. Vulnerabilidad de autorización faltante en usuarios y clientes de importación y exportación de Codection. Este problema afecta a los usuarios y clientes de importación y exportación: desde n/a hasta 1.24.6. The Import and export users and customers plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the fire_cron function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to trigger the plugin's cron job. • https://patchstack.com/database/vulnerability/import-users-from-csv-with-meta/wordpress-import-and-export-users-and-customers-plugin-1-24-6-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

The WP Meta and Date Remover plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.0. This is due to missing or incorrect nonce validation on the updateSettings function. This makes it possible for unauthenticated attackers to change the plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Remove/hide Author, Date, Category Like Entry-Meta plugin <= 2.1 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Venugopal Remove/hide Author, Date, Category Like Entry-Meta en versiones &lt;= 2.1. The Remove/hide Author, Date, Category Like Entry-Meta plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1. This is due to missing nonce validation on the remove_a_d_c() function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/removehide-author-date-category-like-entry-meta/wordpress-remove-hide-author-date-category-like-entry-meta-plugin-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •