CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-44471 – WordPress Backend Localization Plugin <= 2.1.10 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-44471
29 Sep 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Bernhard Kau Backend Localization plugin <= 2.1.10 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento de Bernhard Kau Backend Localization en versiones <= 2.1.10. The Backend Localization plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.10. This is due to missing or incorrect nonce validation on the backend_localization_admin_settings() function. This makes it possible for... • https://patchstack.com/database/vulnerability/kau-boys-backend-localization/wordpress-backend-localization-plugin-2-1-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2012-10014 – Kau-Boy Backend Localization Plugin backend_localization.php localize_backend cross site scripting
https://notcve.org/view.php?id=CVE-2012-10014
30 Jul 2012 — A vulnerability classified as problematic has been found in Kau-Boy Backend Localization Plugin 2.0 on WordPress. Affected is the function backend_localization_admin_settings/backend_localization_save_setting/backend_localization_login_form/localize_backend of the file backend_localization.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.0.1 is able to address this issue. • https://github.com/wp-plugins/kau-boys-backend-localization/commit/36f457ee16dd114e510fd91a3ea9fbb3c1f87184 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2012-10013 – Kau-Boy Backend Localization Plugin backend_localization.php cross site scripting
https://notcve.org/view.php?id=CVE-2012-10013
30 Jul 2012 — A vulnerability was found in Kau-Boy Backend Localization Plugin up to 1.6.1 on WordPress. It has been rated as problematic. This issue affects some unknown processing of the file backend_localization.php. The manipulation leads to cross site scripting. The attack may be initiated remotely. • https://github.com/wp-plugins/kau-boys-backend-localization/commit/43dc96defd7944da12ff116476a6890acd7dd24b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •