CVE-2024-10924 – Really Simple Security (Free, Pro, and Pro Multisite) 9.0.0 - 9.1.1.1 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2024-10924
14 Nov 2024 — The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, when the "Two-Factor Authentication" setting is enabled (disabled by default). • https://github.com/m3ssap0/wordpress-really-simple-security-authn-bypass-exploit • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVE-2023-6498 – Complianz | GDPR/CCPA Cookie Consent <= 6.5.5 - Authenticated(Administrator+) Stored Cross-site Scripting via settings
https://notcve.org/view.php?id=CVE-2023-6498
03 Jan 2024 — The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 6.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html... • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3009228%40complianz-gdpr&new=3009228%40complianz-gdpr&sfp_email=&sfph_mail= • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-52180 – WordPress Recipe Maker For Your Food Blog from Zip Recipes Plugin <= 8.1.0 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-52180
29 Dec 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Really Simple Plugins Recipe Maker For Your Food Blog from Zip Recipes. This issue affects Recipe Maker For Your Food Blog from Zip Recipes: from n/a through 8.1.0. • https://patchstack.com/database/vulnerability/zip-recipes/wordpress-recipe-maker-for-your-food-blog-from-zip-recipes-plugin-8-1-0-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-35089 – WordPress Recipe Maker For Your Food Blog from Zip Recipes Plugin <= 8.0.7 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-35089
15 Jun 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Recipe Maker For Your Food Blog from Zip Recipes plugin <= 8.0.7 versions. The Recipe Maker For Your Food Blog from Zip Recipes plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.0.7. This is due to missing or incorrect nonce validation on multiple actions. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request granted they can trick a s... • https://patchstack.com/database/vulnerability/zip-recipes/wordpress-recipe-maker-for-your-food-blog-from-zip-recipes-plugin-8-0-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-34030 – WordPress Complianz and Complianz Premium plugins - Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-34030
30 May 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Complianz, Really Simple Plugins Complianz Premium allows Cross-Site Request Forgery. This issue affects Complianz: from n/a through 6.4.5; Complianz Premium: from n/a through 6.4.7. • https://patchstack.com/database/vulnerability/complianz-gdpr-premium/wordpress-complianz-premium-plugin-6-4-7-multiple-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-33333 – WordPress Complianz and Complianz Premium plugins - Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-33333
12 May 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Complianz, Really Simple Plugins Complianz Premium allows Cross-Site Scripting (XSS). This issue affects Complianz: from n/a through 6.4.4; Complianz Premium: from n/a through 6.4.6.1. • https://patchstack.com/database/vulnerability/complianz-gdpr-premium/wordpress-complianz-premium-plugin-6-4-6-1-csrf-to-site-wide-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-31076 – WordPress Recipe Maker For Your Food Blog from Zip Recipes Plugin <= 8.0.6 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-31076
24 Apr 2023 — Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Really Simple Plugins Recipe Maker For Your Food Blog from Zip Recipes plugin <= 8.0.6 versions. The Zip Recipes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in versions up to, and including, 8.0.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user i... • https://patchstack.com/database/vulnerability/zip-recipes/wordpress-recipe-maker-for-your-food-blog-from-zip-recipes-plugin-8-0-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-1069 – Complianz - GDPR/CCPA Cookie Consent < 6.4.2 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2023-1069
06 Mar 2023 — The Complianz WordPress plugin before 6.4.2 and the Complianz Premium WordPress plugin before 6.4.2 do not validate and escape some of their shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The Complianz - GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 6.4.1 due t... • https://wpscan.com/vulnerability/caacc50c-822e-46e9-bc0b-681349fd0dda • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-3494 – Complianz (Free < 6.3.4, Premium < 6.3.6) - Translator SQLi
https://notcve.org/view.php?id=CVE-2022-3494
17 Oct 2022 — The Complianz WordPress plugin before 6.3.4, and Complianz Premium WordPress plugin before 6.3.6 allow translators to inject arbitrary SQL through an unsanitized translation. SQL can be injected through an infected translation file, or by a user with a translator role through translation plugins such as Loco Translate or WPML. • https://wpscan.com/vulnerability/71db75c0-5907-4237-884f-8db88b1a9b34 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-0193 – Complianz - GDPR/CCPA Cookie Consent < 6.0.0 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-0193
17 Jan 2022 — The Complianz WordPress plugin before 6.0.0 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting. • https://plugins.trac.wordpress.org/changeset/2654225 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •