2 results (0.006 seconds)

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-43922 – WordPress NitroPack plugin <= 1.16.7 - Unauthenticated Arbitrary Shortcode Execution vulnerability

https://notcve.org/view.php?id=CVE-2024-43922

26 Aug 2024 — Improper Control of Generation of Code ('Code Injection') vulnerability in NitroPack Inc. NitroPack allows Code Injection.This issue affects NitroPack: from n/a through 1.16.7. The The NitroPack – Caching & Speed Optimization for Core Web Vitals, Defer CSS & JS, Lazy load Images and CDN plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.16.7. This is due to the software allowing users to execute an action that does not properly validate a value before... • https://patchstack.com/database/vulnerability/nitropack/wordpress-nitropack-plugin-1-16-7-unauthenticated-arbitrary-shortcode-execution-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-52121 – WordPress NitroPack Plugin <= 1.10.2 is vulnerable to Cross Site Request Forgery (CSRF)

https://notcve.org/view.php?id=CVE-2023-52121

28 Dec 2023 — Cross-Site Request Forgery (CSRF) vulnerability in NitroPack Inc. NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images.This issue affects NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images: from n/a through 1.10.2. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en NitroPack Inc. NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images. Este problema afect... • https://patchstack.com/database/vulnerability/nitropack/wordpress-nitropack-plugin-1-10-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •