2 results (0.004 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-49169 – WordPress Ads by datafeedr.com Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS)

https://notcve.org/view.php?id=CVE-2023-49169

29 Nov 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in datafeedr.Com Ads by datafeedr.Com allows Stored XSS.This issue affects Ads by datafeedr.Com: from n/a through 1.2.0. Vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en datafeedr.Com Ads by datafeedr.Com permite almacenar XSS. Este problema afecta a Ads by datafeedr.Com: desde n/a hasta 1.2.0. The Ads by datafeedr.com plugin for WordPre... • https://patchstack.com/database/vulnerability/ads-by-datafeedrcom/wordpress-ads-by-datafeedr-com-plugin-1-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2

CVE-2023-5843 – Ads by datafeedr.com <= 1.1.3 - Unauthenticated (Limited) Remote Code Execution

https://notcve.org/view.php?id=CVE-2023-5843

30 Oct 2023 — The Ads by datafeedr.com plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.1.3 via the 'dfads_ajax_load_ads' function. This allows unauthenticated attackers to execute code on the server. The parameters of the callable function are limited, they cannot be specified arbitrarily. El complemento Ads by datafeedr.com para WordPress es vulnerable a la ejecución remota de código en versiones hasta la 1.1.3 incluida a través de la función 'dfads_ajax_load_ads'. Esto pe... • https://github.com/codeb0ss/CVE-2023-5843-PoC • CWE-94: Improper Control of Generation of Code ('Code Injection') •