CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54399 – WordPress CRUDLab Google Plus Button plugin <= 1.0.2 - CSRF to Stored XSS vulnerability
https://notcve.org/view.php?id=CVE-2024-54399
12 Dec 2024 — Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab CRUDLab Google Plus Button allows Stored XSS.This issue affects CRUDLab Google Plus Button: from n/a through 1.0.2. The CRUDLab Google Plus Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request gr... • https://patchstack.com/database/wordpress/plugin/crudlab-google-plus/vulnerability/wordpress-crudlab-google-plus-button-plugin-1-0-2-csrf-to-stored-xss-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40199 – WordPress WP Like Button Plugin <= 1.7.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-40199
11 Aug 2023 — Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab WP Like Button plugin <= 1.7.0 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento CRUDLab WP Like Button en versiones <= 1.7.0. The WP Like Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.11. This is due to missing or incorrect nonce validation on the 'saveData' function. This makes it possible for unauthenticated attackers to save button options via a forg... • https://patchstack.com/database/vulnerability/wp-like-button/wordpress-wp-like-button-plugin-1-6-11-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32965 – WordPress Jazz Popups Plugin <= 1.8.7 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-32965
18 May 2023 — Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CRUDLab Jazz Popups plugin <= 1.8.7 versions. The Jazz Popups plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wpjazzpopup_switchonoff’ parameter in versions up to, and including, 1.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such... • https://patchstack.com/database/vulnerability/jazz-popups/wordpress-jazz-popups-plugin-1-8-7-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32966 – WordPress Jazz Popups Plugin <= 1.8.7 is vulnerable to Cross Site Request Forgery (CSRF) leading to Stored XSS
https://notcve.org/view.php?id=CVE-2023-32966
18 May 2023 — Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab Jazz Popups leads to Stored XSS.This issue affects Jazz Popups: from n/a through 1.8.7. La vulnerabilidad de Cross-Site Request Forgery (CSRF) en CRUDLab Jazz Popups conduce XSS Almacenado. Este problema afecta a Jazz Popups: desde n/a hasta 1.8.7. The Jazz Popups plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.7. This is due to missing or incorrect nonce validation. • https://patchstack.com/database/vulnerability/jazz-popups/wordpress-jazz-popups-plugin-1-8-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 32%CPEs: 1EXPL: 3CVE-2019-13344 – WP Like Button <= 1.6.0 - Missing Authorization
https://notcve.org/view.php?id=CVE-2019-13344
05 Jul 2019 — An authentication bypass vulnerability in the CRUDLab WP Like Button plugin through 1.6.0 for WordPress allows unauthenticated attackers to change settings. The contains() function in wp_like_button.php did not check if the current request is made by an authorized user, thus allowing any unauthenticated user to successfully update settings, as demonstrated by the wp-admin/admin.php?page=facebook-like-button each_page_url or code_snippet parameter. Una vulnerabilidad de omisión de autenticación en el plugin ... • https://www.exploit-db.com/exploits/47078 • CWE-306: Missing Authentication for Critical Function CWE-862: Missing Authorization •