CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56024 – WordPress Custom Dashboard Widget plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-56024
17 Dec 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DuoGeek Custom Dashboard Widget allows Reflected XSS.This issue affects Custom Dashboard Widget: from n/a through 1.0.0. The Custom Dashboard Widget plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in page... • https://patchstack.com/database/wordpress/plugin/create-custom-dashboard-widget/vulnerability/wordpress-custom-dashboard-widget-plugin-1-0-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51860 – WordPress Custom Dashboard Widget plugin <= 1.0.0 - Stored Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-51860
08 Nov 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DuoGeek Custom Dashboard Widget allows Stored XSS.This issue affects Custom Dashboard Widget: from n/a through 1.0.0. The Custom Dashboard Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to in... • https://patchstack.com/database/vulnerability/create-custom-dashboard-widget/wordpress-custom-dashboard-widget-plugin-1-0-0-stored-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48034 – WordPress Creates 3D Flipbook, PDF Flipbook plugin <= 1.2 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-48034
09 Oct 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in Fliperrr Team Creates 3D Flipbook, PDF Flipbook allows Upload a Web Shell to a Web Server.This issue affects Creates 3D Flipbook, PDF Flipbook: from n/a through 1.2. La vulnerabilidad de carga sin restricciones de archivos con tipo peligroso en el equipo Fliperrr Creates 3D Flipbook, PDF Flipbook permite cargar un Web Shell a un servidor web. Este problema afecta a Creates 3D Flipbook, PDF Flipbook: desde n/a hasta 1.2. The Creates 3D Flipbook... • https://patchstack.com/database/vulnerability/create-flipbook-from-pdf/wordpress-creates-3d-flipbook-pdf-flipbook-plugin-1-2-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47356 – WordPress Create theme <= 2.9.1 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-47356
30 Sep 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Catch Themes Create allows Stored XSS.This issue affects Create: from n/a through 2.9.1. The Create theme for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will... • https://patchstack.com/database/vulnerability/create/wordpress-create-theme-2-9-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43264 – WordPress Create by Mediavine plugin <= 1.9.8 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-43264
12 Aug 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mediavine Create by Mediavine.This issue affects Create by Mediavine: from n/a through 1.9.8. The Create by Mediavine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.8. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/vulnerability/mediavine-create/wordpress-create-by-mediavine-plugin-1-9-7-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37495 – WordPress Create by Mediavine plugin <= 1.9.7 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-37495
04 Jul 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mediavine Create by Mediavine allows Stored XSS.This issue affects Create by Mediavine: from n/a through 1.9.7. Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en Mediavine Create by Mediavine permite XSS almacenado. Este problema afecta a Create by Mediavine: desde n/a hasta 1.9.7. The Create by Mediavine plugin for WordPr... • https://patchstack.com/database/vulnerability/mediavine-create/wordpress-create-by-mediavine-plugin-1-9-7-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-25855
https://notcve.org/view.php?id=CVE-2022-25855
06 Feb 2023 — All versions of the package create-choo-app3 are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization. • https://security.snyk.io/vuln/SNYK-JS-CREATECHOOAPP3-3157951 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-25908
https://notcve.org/view.php?id=CVE-2022-25908
24 Jan 2023 — All versions of the package create-choo-electron are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization. Todas las versiones del paquete create-choo-electron son vulnerables a la inyección de comandos a través de la función devInstall debido a una sanitización inadecuada de la entrada del usuario. • https://security.snyk.io/vuln/SNYK-JS-CREATECHOOELECTRON-3157953 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36341 – WordPress AS – Create Pinterest Pinboard Pages plugin <= 1.0 - Authenticated plugin settings change leading to Stored Cross-Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2022-36341
10 Aug 2022 — Authenticated (subscriber+) plugin settings change leading to Stored Cross-Site Scripting (XSS) vulnerability in Akash soni's AS – Create Pinterest Pinboard Pages plugin <= 1.0 at WordPress. Un Cambio de configuración del plugin autenticado (suscriptor+) conllevando a una vulnerabilidad de tipo Cross-Site Scripting (XSS) Almacenado en el plugin AS - Create Pinterest Pinboard Pages de Akash soni versiones anteriores a 1.0 incluyéndola, en WordPress. The Create Pinterest Pinboard Pages plugin for WordPress is... • https://patchstack.com/database/vulnerability/as-create-pinterest-pinboard-pages/wordpress-as-create-pinterest-pinboard-pages-plugin-1-0-authenticated-plugin-settings-change-leading-to-stored-cross-site-scripting-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2020-23974
https://notcve.org/view.php?id=CVE-2020-23974
27 Aug 2020 — Create-Project Manager 1.07 has Multi Persistent Cross-site Scripting and HTML injection in via Online chat, Social feed,Message(title-tag), Add new client (all-tags). Create-Project Manager versión 1.07, presenta una vulnerabilidad de tipo Cross-site Scripting Multi Persistente y una inyección de HTML por medio de Online chat, Social feed, Message(title-tag), Add new client (all-tags) • https://cxsecurity.com/issue/WLB-2020050071 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •