3 results (0.011 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Cross-Site Request Forgery (CSRF) vulnerability in Octa Code Accessibility.This issue affects Accessibility: from n/a through 1.0.6. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Octa Code Accessibility. Este problema afecta a la accesibilidad: desde n/a hasta 1.0.6. The Accessibility plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation. • https://patchstack.com/database/vulnerability/accessibility/wordpress-accessibility-plugin-1-0-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Accessibility plugin <= 1.0.3 on WordPress. Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento Accessibility en WordPress en versiones &lt;= 1.0.3. The Accessibility plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/accessibility/wordpress-accessibility-plugin-1-0-1-auth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve https://wordpress.org/plugins/accessibility/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0

A vulnerability using PendingIntent in Accessibility prior to version 12.5.3.2 in Android R(11.0) and 13.0.1.1 in Android S(12.0) allows attacker to access the file with system privilege. Una vulnerabilidad que usa PendingIntent en Accessibility versiones anteriores a 12.5.3.2 en Android R(11.0) y 13.0.1.1 en Android S(12.0) permite a atacantes acceder al archivo con privilegios system • https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=2 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-552: Files or Directories Accessible to External Parties •