
CVSS: 5.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Apr 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POEditor allows Stored XSS. This issue affects POEditor: from n/a through 0.9.8. The POEditor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up... • https://patchstack.com/database/vulnerability/poeditor/wordpress-poeditor-plugin-0-9-8-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Sep 2023 — Cross-Site Request Forgery (CSRF) vulnerability in POEditor plugin <= 0.9.4 versions. The POEditor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.9.4. This is due to missing nonce validation on several functions such as addProject(), setApiKey(), and addLanguage(). This makes it possible for unauthenticated attackers to modify plugin settings via a fo... • https://patchstack.com/database/vulnerability/poeditor/wordpress-poeditor-plugin-0-9-4-cross-site-request-forgery-csrf-to-stored-xss-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 5.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

07 Aug 2023 — The POEditor WordPress plugin before 0.9.8 does not have CSRF checks in various places, which could allow attackers to make logged-in admins perform unwanted actions, such as resetting the plugin's settings and updating its API key, via CSRF attacks. • https://wpscan.com/vulnerability/b2c6fa7d-1b0f-444b-8ca5-8c1c06cea1d9 • CWE-352: Cross-Site Request Forgery (CSRF)