CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23964 – WordPress Google Plus Plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-23964
20 Mar 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Google Plus allows Reflected XSS. This issue affects Google Plus: from n/a through 1.0.2. The Google Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can success... • https://patchstack.com/database/wordpress/plugin/google-plus-google/vulnerability/wordpress-google-plus-plugin-1-0-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54399 – WordPress CRUDLab Google Plus Button plugin <= 1.0.2 - CSRF to Stored XSS vulnerability
https://notcve.org/view.php?id=CVE-2024-54399
12 Dec 2024 — Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab CRUDLab Google Plus Button allows Stored XSS.This issue affects CRUDLab Google Plus Button: from n/a through 1.0.2. The CRUDLab Google Plus Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request gr... • https://patchstack.com/database/wordpress/plugin/crudlab-google-plus/vulnerability/wordpress-crudlab-google-plus-button-plugin-1-0-2-csrf-to-stored-xss-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53723 – WordPress Google Plus Share and +1 Button plugin <= 1.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-53723
22 Nov 2024 — Cross-Site Request Forgery (CSRF) vulnerability in A.Cihangir BALTACI Google Plus Share and +1 Button allows Stored XSS.This issue affects Google Plus Share and +1 Button: from n/a through 1.0. La vulnerabilidad de Cross-Site Request Forgery (CSRF) en A.Cihangir BALTACI Google Plus Share y el botón +1 permite XSS almacenado. Este problema afecta a Google Plus Share y el botón +1: desde n/a hasta 1.0. The Google Plus Share and +1 Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all ... • https://patchstack.com/database/wordpress/plugin/google-plus-share-and-plusone-button/vulnerability/wordpress-google-plus-share-and-1-button-plugin-1-0-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •