CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51668 – WordPress MyCurator Content Curation plugin <= 3.78 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-51668
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mark Tilly MyCurator Content Curation allows Stored XSS.This issue affects MyCurator Content Curation: from n/a through 3.78. The MyCurator Content Curation plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.78 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/mycurator/wordpress-mycurator-content-curation-plugin-3-78-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29139 – WordPress MyCurator Content Curation plugin <= 3.76 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-29139
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark Tilly MyCurator Content Curation allows Reflected XSS.This issue affects MyCurator Content Curation: from n/a through 3.76. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en Mark Tilly MyCurator Content Curation permite Reflected XSS. Este problema afecta a MyCurator Content Curation: desde n/a hasta 3.76. The MyCurator Content Curation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'topic' parameter in all versions up to, and including, 3.76 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/mycurator/wordpress-mycurator-content-curation-plugin-3-76-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32104 – WordPress MyCurator Content Curation Plugin <= 3.74 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-32104
Cross-Site Request Forgery (CSRF) vulnerability in Mark Tilly MyCurator Content Curation plugin <= 3.74 versions. The MyCurator Content Curation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.74. This is due to missing or incorrect nonce validation on the mct_ai_logspage() function. This makes it possible for unauthenticated attackers to filter and reset logs via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/mycurator/wordpress-mycurator-content-curation-plugin-3-74-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •