CVSS: 5.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 May 2024 — The WP-ViperGB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.1. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated attackers to change the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3091230%40wp-vipergb%2Ftrunk&old=2812759%40wp-vipergb%2Ftrunk&sfp_email=&sfph_mail= • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Apr 2015 — The wp-vipergb plugin before 1.3.16 for WordPress has XSS via add_query_arg() and remove_query_arg(), a different issue than CVE-2014-9460. The Viper GuestBook plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.3.15 due to insufficient input sanitization and ... • https://make.wordpress.org/plugins/2015/04/20/fixing-add_query_arg-and-remove_query_arg-usage • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.2 • EPSS: 0% • CPEs: 1 • EXPL: 1

12 Dec 2014 — Multiple cross-site request forgery (CSRF) vulnerabilities in the WP-ViperGB plugin before 1.3.11 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) vgb_page or (3) vgb_items_per_pg parameter in the wp-vipergb page to wp-admin/options-general.php. • http://packetstormsecurity.com/files/129501/WordPress-WP-ViperGB-1.3.10-CSRF-XSS.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-352: Cross-Site Request Forgery (CSRF)