NotCVE - vendor:"Pluginus"

Page 7 of 44 results (0.004 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-2556 – WPCS – WordPress Currency Switcher Professional <= 1.1.9 - Missing Authorization to Arbitrary Custom Drop-Down Currency Switcher Deletion

https://notcve.org/view.php?id=CVE-2023-2556

The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the anonymous function for the wpcs_sd_delete action in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete an arbitrary custom drop-down currency switcher. • https://plugins.trac.wordpress.org/changeset/2911049/currency-switcher https://www.wordfence.com/threat-intel/vulnerabilities/id/bc44c95e-9ca0-46d0-8315-72612ef3f855?source=cve • CWE-862: Missing Authorization •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-2558 – WPCS – WordPress Currency Switcher Professional <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

https://notcve.org/view.php?id=CVE-2023-2558

The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcs_current_currency shortcode in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://plugins.trac.wordpress.org/changeset/2911049/currency-switcher https://www.wordfence.com/threat-intel/vulnerabilities/id/be054481-89b4-47d8-ad06-8622edea367f?source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-31218 – WordPress WOLF Plugin <= 1.0.6 is vulnerable to CSRF leading to Stored Cross Site Scripting (XSS) vulnerability

https://notcve.org/view.php?id=CVE-2023-31218

Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.6 versions. The WOLF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wpbe_update_page_field parameter in versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber privileges, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/bulk-editor/wordpress-wolf-wordpress-posts-bulk-editor-and-manager-professional-plugin-1-0-6-cross-site-scripting-xss-via-csrf-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-28664 – MDTF – Meta Data and Taxonomies Filter <= 1.3.0.1 - Relected Cross-Site Scripting via 'tax_name'

https://notcve.org/view.php?id=CVE-2023-28664

The Meta Data and Taxonomies Filter WordPress plugin, in versions < 1.3.1, is affected by a reflected cross-site scripting vulnerability in the 'tax_name' parameter of the mdf_get_tax_options_in_widget action, which can only be triggered by an authenticated user. The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tax_name’ parameter of the mdf_get_tax_options_in_widget AJAX action in versions up to, and including, 1.3.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://www.tenable.com/security/research/tra-2023-3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-28666 – InPost Gallery <= 2.1.4.1 - Reflected Cross-Site Scripting via 'imgurl'

https://notcve.org/view.php?id=CVE-2023-28666

The InPost Gallery WordPress plugin, in versions < 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'imgurl' parameter to the add_inpost_gallery_slide_item action, which can only be triggered by an authenticated user. The InPost Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘imgurl’ parameter of the add_inpost_gallery_slide_item action in versions up to, and including, 2.1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://www.tenable.com/security/research/tra-2023-3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1...5 6 7 8 9