CVE-2024-8915 – Category Icon <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
https://notcve.org/view.php?id=CVE-2024-8915
11 Oct 2024 — The Category Icon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. • https://plugins.trac.wordpress.org/browser/category-icon/trunk/category-icon.php#L437 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-8241 – Nova Blocks by Pixelgrade <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute
https://notcve.org/view.php?id=CVE-2024-8241
09 Sep 2024 — The Nova Blocks by Pixelgrade plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' attribute of the 'wp:separator' Gutenberg block in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://github.com/pixelgrade/nova-blocks/commit/655b5b804306c3ca3a59707cc2f12098e193b4ca • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-23702 – WordPress Comments Ratings Plugin <= 1.1.7 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-23702
03 Nov 2023 — Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pixelgrade Comments Ratings plugin <= 1.1.7 versions. The Comments Ratings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This m... • https://patchstack.com/database/vulnerability/comments-ratings/wordpress-comments-ratings-plugin-1-1-7-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-45654 – WordPress Comments Ratings Plugin <= 1.1.7 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-45654
12 Oct 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Comments Ratings plugin <= 1.1.7 versions. The Comments Ratings plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.7. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke this function vi... • https://patchstack.com/database/vulnerability/comments-ratings/wordpress-comments-ratings-plugin-1-1-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-45655 – WordPress PixFields Plugin <= 0.7.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-45655
12 Oct 2023 — Cross-Site Request Forgery (CSRF) vulnerability in PixelGrade PixFields plugin <= 0.7.0 versions. The PixFields plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.7.0. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke this function via a forged request g... • https://github.com/pixelgrade/pixfields/releases/tag/0.7.1 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-40205 – WordPress PixTypes Plugin <= 1.4.15 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-40205
11 Aug 2023 — Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pixelgrade PixTypes plugin <= 1.4.15 versions. The PixTypes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.4.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitr... • https://patchstack.com/database/vulnerability/pixtypes/wordpress-pixtypes-plugin-1-4-15-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-23704 – WordPress Comments Ratings Plugin <= 1.1.6 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-23704
07 Apr 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Comments Ratings plugin <= 1.1.6 versions. The Comments Ratings plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.6. This is due to missing or incorrect nonce validation on the run() function. This makes it possible for unauthenticated attackers to modify the plugin's settings, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.... • https://patchstack.com/database/vulnerability/comments-ratings/wordpress-comments-ratings-plugin-1-1-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-25487 – WordPress PixTypes Plugin <= 1.4.14 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-25487
07 Apr 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade PixTypes plugin <= 1.4.14 versions. The PixTypes plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.14. This is due to missing or incorrect nonce validation on the save_pixtypes_settings() function. This makes it possible for unauthenticated attackers to modify theme settings in the plugin, via a forged request granted they can trick a site administrator into performing an action such as clickin... • https://patchstack.com/database/vulnerability/pixtypes/wordpress-pixtypes-plugin-1-4-14-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-46844 – WordPress PixFields Plugin <= 0.7.0 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2022-46844
30 Mar 2023 — Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in PixelGrade PixFields plugin <= 0.7.0 versions. The PixFields plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Auth. • https://patchstack.com/database/vulnerability/pixfields/wordpress-pixfields-plugin-0-7-0-auth-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-27633 – WordPress Customify Plugin <= 2.10.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-27633
14 Mar 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Customify – Intuitive Website Styling plugin <= 2.10.4 versions. The Customify plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.10.4. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenti... • https://patchstack.com/database/vulnerability/customify/wordpress-customify-plugin-2-10-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •