CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29915 – WordPress Podlove Podcast Publisher plugin <= 4.0.9 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-29915
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Podlove Podlove Podcast Publisher allows Reflected XSS.This issue affects Podlove Podcast Publisher: from n/a through 4.0.9. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en Podlove Podlove Podcast Publisher permite el XSS reflejado. Este problema afecta a Podlove Podcast Publisher: desde n/a hasta 4.0.9. The Podlove Podcast Publisher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/podlove-podcasting-plugin-for-wordpress/wordpress-podlove-podcast-publisher-plugin-4-0-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29122 – WordPress FV Player plugin <= 7.5.41.7212 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-29122
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Foliovision: Making the web work for you FV Flowplayer Video Player allows Stored XSS.This issue affects FV Flowplayer Video Player: from n/a through 7.5.41.7212. Neutralización inadecuada de la entrada durante la vulnerabilidad de generación de páginas web ('Cross-site Scripting') en Foliovision: hacer que la web funcione para usted FV Flowplayer Video Player permite almacenar XSS. Este problema afecta a FV Flowplayer Video Player: desde n/a hasta 7.5.41.7212 . The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 7.5.41.7212 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/fv-wordpress-flowplayer/wordpress-fv-player-plugin-7-5-41-7212-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24837 – Cross-Site Request Forgery (CSRF) vulnerability in FG PrestaShop, FG Drupal and FG Joomla WordPress plugins
https://notcve.org/view.php?id=CVE-2024-24837
Cross-Site Request Forgery (CSRF) vulnerability in Frédéric GILLES FG PrestaShop to WooCommerce, Frédéric GILLES FG Drupal to WordPress, Frédéric GILLES FG Joomla to WordPress.This issue affects FG PrestaShop to WooCommerce: from n/a through 4.44.3; FG Drupal to WordPress: from n/a through 3.67.0; FG Joomla to WordPress: from n/a through 4.15.0. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Frédéric GILLES FG PrestaShop a WooCommerce, Frédéric GILLES FG Drupal a WordPress, Frédéric GILLES FG Joomla a WordPress. Este problema afecta a FG PrestaShop a WooCommerce: desde n/a hasta 4.44.3; FG Drupal a WordPress: desde n/a hasta 3.67.0; FG Joomla a WordPress: desde n/a hasta 4.15.0. The FG Drupal to WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.67.0. This is due to missing or incorrect nonce validation on the ajax_importer() function. • https://patchstack.com/database/vulnerability/fg-drupal-to-wp/wordpress-fg-drupal-to-wordpress-plugin-3-67-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve https://patchstack.com/database/vulnerability/fg-joomla-to-wordpress/wordpress-fg-joomla-to-wordpress-plugin-4-15-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve https://patchstack.com/database/vulnerability/fg-prestashop-to-woocommerce/wordpress-fg-prestashop-to-woocommerce-plugin-4-44-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6783 – WolfNet IDX for WordPress <= 1.19.1 - Authenticated (Admin+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2023-6783
The WolfNet IDX for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.19.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-7197 – Marketing Twitter Bot <= 1.11 - Cross-Site Request Forgery to Settings Update and Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2023-7197
The Marketing Twitter Bot plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.11. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious JavaScripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • CWE-352: Cross-Site Request Forgery (CSRF) •