CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5530 – Easy Property Listings < 3.4 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2020-5530
Cross-site request forgery (CSRF) vulnerability in Easy Property Listings versions prior to 3.4 allows remote attackers to hijack the authentication of administrators via unspecified vectors. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en Easy Property Listings versiones anteriores a 3.4, permite a atacantes remotos secuestrar la autenticación de los administradores por medio de vectores no especificados. • https://jvn.jp/en/jp/JVN89259622/index.html https://wordpress.org/plugins/easy-property-listings/#developers https://wpvulndb.com/vulnerabilities/10075 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15817 – Easy Property Listings <= 3.3.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-15817
The easy-property-listings plugin before 3.4 for WordPress has XSS. El plugin easy-property-listings anterior a la versión 3.4 para WordPress tiene XSS. • https://wordpress.org/plugins/easy-property-listings/#developers https://wpvulndb.com/vulnerabilities/9511 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •