CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24850 – WordPress Quicksand Post Filter jQuery plugin <= 3.1.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-24850
Missing Authorization vulnerability in Mark Stockton Quicksand Post Filter jQuery Plugin.This issue affects Quicksand Post Filter jQuery Plugin: from n/a through 3.1.1. Vulnerabilidad de autorización faltante en Mark Stockton Quicksand Post Filter jQuery Plugin. Este problema afecta al complemento jQuery Quicksand Post Filter: desde n/a hasta 3.1.1. The Quicksand Post Filter jQuery Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'quicksand_admin_ajax' function in versions up to, and including, 3.1.1. This makes it possible for unauthenticated attackers to delete arbitrary site options. • https://patchstack.com/database/vulnerability/quicksand-jquery-post-filter/wordpress-quicksand-post-filter-jquery-plugin-3-1-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24849 – WordPress Quicksand Post Filter jQuery Plugin Plugin <= 3.1.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2024-24849
Cross-Site Request Forgery (CSRF) vulnerability in Mark Stockton Quicksand Post Filter jQuery Plugin.This issue affects Quicksand Post Filter jQuery Plugin: from n/a through 3.1.1. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Mark Stockton Quicksand Post Filter jQuery Plugin. Este problema afecta a Quicksand Post Filter jQuery Plugin: desde n/a hasta 3.1.1. The Quicksand Post Filter jQuery Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.1. This is due to missing or incorrect nonce validation on the 'renderAdmin' function. • https://patchstack.com/database/vulnerability/quicksand-jquery-post-filter/wordpress-quicksand-post-filter-jquery-plugin-3-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-32850 – jQuery MiniColors vulnerable to Cross-site Scripting
https://notcve.org/view.php?id=CVE-2021-32850
jQuery MiniColors is a color picker built on jQuery. Prior to version 2.3.6, jQuery MiniColors is prone to cross-site scripting when handling untrusted color names. This issue is patched in version 2.3.6. • https://github.com/claviska/jquery-minicolors/commit/ef134824a7f4110ada53ea6c173111a4fa2f48f3 https://github.com/claviska/jquery-minicolors/releases/tag/2.3.6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MC5HV4ESLV2E23YGHNJ542QEZBH6YE2F https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDXBWA54A7D6HMR2TN5BAYNCU7HO2PUO https://securitylab.github.com/advisories/GHSL-2021-1045_jQuery_MiniColors_Plugin • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2144 – Jquery Validation For Contact Form 7 < 5.3 - Arbitrary Options Update via CSRF
https://notcve.org/view.php?id=CVE-2022-2144
The Jquery Validation For Contact Form 7 WordPress plugin before 5.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change Blog options like default_role, users_can_register via a CSRF attack El plugin Jquery Validation For Contact Form 7 de WordPress versiones anteriores a 5.3, no presenta una comprobación de tipo CSRF cuando es actualizada su configuración, lo que podría permitir a atacantes hacer que un administrador conectado cambie las opciones del blog como default_role, users_can_register por medio de un ataque de tipo CSRF The Jquery Validation For Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.2. This is due to missing or incorrect nonce validation on the jvcf7 page. This makes it possible for unauthenticated attackers to update arbitrary options, such as default role and users_can_register, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://wpscan.com/vulnerability/419054d4-95e8-4f4a-b864-a98b3e18435a • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-30241
https://notcve.org/view.php?id=CVE-2022-30241
The jquery.json-viewer library through 1.4.0 for Node.js does not properly escape characters such as < in a JSON object, as demonstrated by a SCRIPT element. jquery.json-viewer library versiones hasta 1.4.0 para Node.js no escapa correctamente los caracteres como < en un objeto JSON, como lo demuestra un elemento SCRIPT • https://github.com/abodelot/jquery.json-viewer/pull/26 https://www.npmjs.com/package/jquery.json-viewer • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •