CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45750 – WordPress Nexter Extension Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-45750
12 Oct 2023 — Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in POSIMYTH Nexter Extension plugin <= 2.0.3 versions. Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento POSIMYTH Nexter Extension en versiones <= 2.0.3. The Nexter Extension plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘post’ and 'post_id' parameters in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for u... • https://patchstack.com/database/vulnerability/nexter-extension/wordpress-nexter-extension-plugin-2-0-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45751 – WordPress Nexter Extension Plugin <= 2.0.3 is vulnerable to Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2023-45751
12 Oct 2023 — Improper Control of Generation of Code ('Code Injection') vulnerability in POSIMYTH Nexter Extension.This issue affects Nexter Extension: from n/a through 2.0.3. Vulnerabilidad de control inadecuado de generación de código ("inyección de código") en POSIMYTH Nexter Extension. Este problema afecta a Nexter Extension: desde n/a hasta 2.0.3. The Nexter Extension plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.0.3 via the nxt-code-php-snippet metabox. This allows ... • https://patchstack.com/database/vulnerability/nexter-extension/wordpress-nexter-extension-plugin-2-0-3-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-45657 – WordPress Nexter Theme <= 2.0.3 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-45657
12 Oct 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in POSIMYTH Nexter allows SQL Injection.This issue affects Nexter: from n/a through 2.0.3. La neutralización incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyección SQL') en POSIMYTH Nexter permite la inyección SQL. Este problema afecta a Nexter: desde n/a hasta 2.0.3. The Nexter theme for WordPress is vulnerable to SQL Injection via the 'to' and 'from' parameters in vers... • https://github.com/RandomRobbieBF/CVE-2023-45657 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •