CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38781 – WordPress CopySafe Web Protection plugin <= 3.15 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-38781
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ArtistScope CopySafe Web Protection allows Reflected XSS.This issue affects CopySafe Web Protection: from n/a through 3.15. La vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en ArtistScope CopySafe Web Protection permite XSS reflejado. Este problema afecta a CopySafe Web Protection: desde n/a hasta 3.15. The CopySafe Web Protection plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/wp-copysafe-web/wordpress-copysafe-web-protection-plugin-3-15-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-29098 – WordPress CopySafe Web Protection Plugin <= 3.13 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-29098
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ArtistScope CopySafe Web Protection plugin <= 3.13 versions. The CopySafe Web Protection plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in versions up to, and including, 3.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/wp-copysafe-web/wordpress-copysafe-web-protection-plugin-3-13-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-8100 – CopySafe Web Protection < 2.6 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2017-8100
There is CSRF in the CopySafe Web Protection plugin before 2.6 for WordPress, allowing attackers to change plugin settings. Hay CSRF en el plugin CopySafe Web Protection en versiones anteriores a 2.6 para WordPress, permitiendo a los atacantes cambiar la configuración del plugin. • http://seclists.org/fulldisclosure/2017/Apr/42 http://www.securityfocus.com/bid/98091 https://wordpress.org/plugins/wp-copysafe-web/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •