CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5943 – Nested Pages <= 3.2.7 - Cross-Site Request Forgery to Local File Inclusion
https://notcve.org/view.php?id=CVE-2024-5943
03 Jul 2024 — The Nested Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.7. This is due to missing or incorrect nonce validation on the 'settingsPage' function and missing santization of the 'tab' parameter. This makes it possible for unauthenticated attackers to call local php files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. El complemento Nested Pages para WordPress es vulnerable ... • https://plugins.trac.wordpress.org/browser/wp-nested-pages/trunk/app/Config/Settings.php#L129 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49195 – WordPress Nested Pages Plugin <= 3.2.6 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-49195
01 Dec 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kyle Phillips Nested Pages allows Stored XSS.This issue affects Nested Pages: from n/a through 3.2.6. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en Kyle Phillips Nested Pages permite almacenar XSS. Este problema afecta a Nested Pages: desde n/a hasta 3.2.6. The Nested Pages plugin for WordPress is vulnerable to Stored Cross-Site... • https://patchstack.com/database/vulnerability/wp-nested-pages/wordpress-nested-pages-plugin-3-2-6-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2434 – Nested Pages <= 3.2.3 - Missing Authorization to Authenticated (Editor+) Plugin Settings Reset
https://notcve.org/view.php?id=CVE-2023-2434
30 May 2023 — The Nested Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'reset' function in versions up to, and including, 3.2.3. This makes it possible for authenticated attackers, with editor-level permissions and above, to reset plugin settings. El plugin Nested Pages para WordPress es vulnerable a la pérdida no autorizada de datos debido a la falta de capacidad de comprobación de la función "reset" en las versiones hasta la 3.2.3 inclusive. Esto hace pos... • https://plugins.trac.wordpress.org/browser/wp-nested-pages/tags/3.2.3/app/Form/Listeners/ResetSettings.php#L12 • CWE-862: Missing Authorization •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1990 – Nested Pages < 3.1.21 - Admin+ Stored Cross Site Scripting
https://notcve.org/view.php?id=CVE-2022-1990
06 Jun 2022 — The Nested Pages WordPress plugin before 3.1.21 does not escape and sanitize the some of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltered_html is disallowed El plugin Nested Pages de WordPress versiones anteriores a 3.1.21, no escapa ni sanea algunas de sus configuraciones, lo que podría permitir a usuarios con altos privilegios llevar a cabo ataques de tipo Cross-Site Scripting cuando unfiltered_html no está permitido • https://wpscan.com/vulnerability/42f1bf1f-95a8-41ee-a637-88deb80ab870 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38342 – Nested Pages <= 3.1.15 Cross-Site Request Forgery to Arbitrary Post Deletion and Modification
https://notcve.org/view.php?id=CVE-2021-38342
25 Aug 2021 — The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to Cross-Site Request Forgery via the `npBulkAction`s and `npBulkEdit` `admin_post` actions, which allowed attackers to trash or permanently purge arbitrary posts as well as changing their status, reassigning their ownership, and editing other metadata. El plugin Nested Pages WordPress versiones anteriores a 3.1.15 incluyéndola, era vulnerable a un ataque de tipo Cross-Site Request Forgery por medio de las acciones "npBulkAction"s y "npBulkEdit" "ad... • https://www.wordfence.com/blog/2021/08/nested-pages-pat%E2%80%A6on-vulnerability • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-38343 – Nested Pages <= 3.1.15 Open Redirect
https://notcve.org/view.php?id=CVE-2021-38343
25 Aug 2021 — The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to an Open Redirect via the `page` POST parameter in the `npBulkActions`, `npBulkEdit`, `npListingSort`, and `npCategoryFilter` `admin_post` actions. El plugin Nested Pages WordPress versiones anteriores a 3.1.15 incluyéndola, era vulnerable a una Redirección Abierta por medio del parámetro POST "page" en las acciones "npBulkActions", "npBulkEdit", "npListingSort" y "npCategoryFilter" "admin_post". • https://www.wordfence.com/blog/2021/08/nested-pages-pat%E2%80%A6on-vulnerability • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •