CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50518 – WordPress Pricer Ninja plugin <= 2.1.0 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-50518
30 Oct 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Common Ninja Pricer Ninja allows Stored XSS.This issue affects Pricer Ninja: from n/a through 2.1.0. The Pricer Ninja plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts i... • https://patchstack.com/database/vulnerability/pricer-ninja-pricing-tables/wordpress-pricer-ninja-plugin-2-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35635 – WordPress Ninja Tables plugin <= 5.0.9 - Server Side Request Forgery (SSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-35635
30 May 2024 — Server-Side Request Forgery (SSRF) vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through 5.0.9. Vulnerabilidad de Server-Side Request Forgery (SSRF) en WPManageNinja LLC Ninja Tables. Este problema afecta a Ninja Tables: desde n/a hasta 5.0.9. The Ninja Tables – Easiest Data Table Builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.9. This makes it possible for authenticated attackers, with Administra... • https://patchstack.com/database/vulnerability/ninja-tables/wordpress-ninja-tables-plugin-5-0-9-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23504 – WordPress Ninja Tables plugin <= 5.0.5 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-23504
19 Jan 2024 — Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through 5.0.5. Vulnerabilidad de autorización faltante en WPManageNinja LLC Ninja Tables. Este problema afecta a Ninja Tables: desde n/a hasta 5.0.5. The Ninja Tables plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the defaultExport() and dragAndDropExport() functions in versions up to, and including, 5.0.5. This makes it possible for unauthenticated ... • https://patchstack.com/database/vulnerability/ninja-tables/wordpress-ninja-tables-plugin-5-0-5-broken-access-control-vulnerability-2?_s_id=cve • CWE-862: Missing Authorization •