CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2023-34032 – WordPress bbPress Toolkit Plugin <= 1.0.12 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-34032
31 May 2023 — Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pascal Casier bbPress Toolkit plugin <= 1.0.12 versions. Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada en el plugin bbPress Toolkit de Pascal Casier para versiones 1.0.12 e inferiores. Para explotar esta vulnerabilidad no hace falta estar autenticado. The bbPress Toolkit plugin for WordPress is vulnerable to Unspecified Cross-Site Scripting in versions up to, and including, 1.0.12 due to insufficient input sanitization and output escapin... • https://patchstack.com/database/vulnerability/bbp-toolkit/wordpress-bbpress-toolkit-plugin-1-0-12-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-34031 – WordPress bbPress Toolkit Plugin <= 1.0.12 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-34031
31 May 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Pascal Casier bbPress Toolkit plugin <= 1.0.12 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Pascal Casier bbPress Toolkit en versiones <= 1.0.12. The bbPress Toolkit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.12. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke this func... • https://patchstack.com/database/vulnerability/bbp-toolkit/wordpress-bbpress-toolkit-plugin-1-0-12-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •