
CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

21 Jun 2023 — Cross-Site Request Forgery (CSRF) vulnerability in OOPSpam OOPSpam Anti-Spam plugin <= 1.1.44 versions. The OOPSpam Anti-Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.44. This is due to missing or incorrect nonce validation on the 'empty_ham_entries' and 'empty_spam_entries' functions. This makes it possible for unauthenticated attackers to delete both spam and legitimate entries via a forged request granted they can trick a site administrator in... • https://patchstack.com/database/vulnerability/oopspam-anti-spam/wordpress-oopspam-anti-spam-plugin-1-1-44-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 5.9 | EPSS: 0% | CPEs: 1 | EXPL: 0

17 Jan 2023 — Auth. (admin+) Cross-Site Scripting vulnerability in OOPSpam OOPSpam Anti-Spam plugin <= 1.1.35 versions. The OOPSpam Anti-Spam plugin for WordPress is vulnerable to Stored Cross-Site Scripting via options such as 'oopspam_wpregister_spam_message', 'oopspam_woo_spam_message', and 'oopspam_give_spam_message' (as well as numerous others) in versions up to, and including, 1.1.35 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitr... • https://patchstack.com/database/vulnerability/oopspam-anti-spam/wordpress-oopspam-anti-spam-plugin-1-1-35-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')