CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41732 – WordPress CP Blocks Plugin <= 1.0.20 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-41732
05 Sep 2023 — Cross-Site Request Forgery (CSRF) vulnerability in CodePeople CP Blocks plugin <= 1.0.20 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento CodePeople CP Blocks en versiones <= 1.0.20. The CP Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.20. This is due to incorrect nonce validation in the admin-int-license.inc.php file. This makes it possible for unauthenticated attackers to update the license key via a forged r... • https://patchstack.com/database/vulnerability/cp-blocks/wordpress-cp-blocks-plugin-1-0-20-csrf-leading-to-plugin-settings-change-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.4EPSS: 6%CPEs: 1EXPL: 3CVE-2022-0448 – CP Blocks < 1.0.15 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-0448
02 Feb 2022 — The CP Blocks WordPress plugin before 1.0.15 does not sanitise and escape its "License ID" settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. El plugin CP Blocks de WordPress versiones anteriores a 1.0.15, no sanea ni escapa de su configuración "License ID", lo que podría permitir a usuarios con altos privilegios llevar a cabo ataques de tipo Cross-Site Scripting incluso cuando el unfiltered_html no está autorizado The CP Blo... • https://packetstorm.news/files/id/165887 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •