CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

18 Jul 2022 — The WP Social Chat WordPress plugin before 6.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. The WP Social Chat plugin for WordPress is vuln... • https://wpscan.com/vulnerability/aa69377d-ba9e-4a2f-921c-be2ab5edcb4e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Jan 2022 — The vulnerability discovered in WordPress Perfect Brands for WooCommerce plugin (versions <= 2.0.4) allows server information exposure. • https://patchstack.com/database/vulnerability/perfect-woocommerce-brands/wordpress-perfect-brands-for-woocommerce-plugin-2-0-4-server-information-exposure-vulnerability • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Jan 2022 — The vulnerability allows Subscriber+ level users to create brands in WordPress Perfect Brands for WooCommerce plugin (versions <= 2.0.4). • https://patchstack.com/database/vulnerability/perfect-woocommerce-brands/wordpress-perfect-brands-for-woocommerce-plugin-2-0-4-subscriber-set-featured-brand-vulnerability • CWE-284: Improper Access Control •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 Feb 2021 — The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compiler_save AJAX action. This makes it possible for unauthenticated attackers to create arbitrary PHP files that can be used to execute malicious code. • https://www.wordfence.com/threat-intel/vulnerabilities/id/04003542-fd62-4587-9834-70e7fe8f08ef?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Aug 2019 — The insta-gallery plugin before 2.4.8 for WordPress has no nonce validation for qligg_dismiss_notice or qligg_form_item_delete. • https://wordpress.org/plugins/insta-gallery/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •