CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49177 – WordPress which template file Plugin <= 4.9.0 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-49177
29 Nov 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gilles Dumas which template file allows Reflected XSS.This issue affects which template file: from n/a through 4.9.0. Vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en Gilles Dumas, cuyo archivo de plantilla permite XSS Reflejado. Este problema afecta a qué archivo de plantilla: desde n/a hasta 4.9.0. The which template file plugin for... • https://patchstack.com/database/vulnerability/which-template-file/wordpress-which-template-file-plugin-4-9-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45753 – WordPress which template file Plugin <= 4.6.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-45753
12 Oct 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Gilles Dumas which template file plugin <= 4.6.0 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Gilles Dumas which template file en versiones <= 4.6.0. The which template file plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.8.0. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke th... • https://patchstack.com/database/vulnerability/which-template-file/wordpress-which-template-file-plugin-4-6-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •