CVE-2024-47299 – WordPress Website Builder by SeedProd <= 6.17.4 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-47299
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd allows Stored XSS.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through 6.17.4. The Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.17.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. • https://patchstack.com/database/vulnerability/coming-soon/wordpress-website-builder-by-seedprod-6-17-4-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-32088 – WordPress Website Builder plugin <= 6.15.20 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-32088
Cross-Site Request Forgery (CSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through 6.15.20. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd. Este problema afecta a la página Próximamente, modo en construcción y mantenimiento de SeedProd: desde n/a hasta 6.15.20. The Coming Soon Page, Under Construction & Maintenance Mode by SeedProd plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.15.20. This is due to missing or incorrect nonce validation on the seedprod_lite_redirect_to_site() function. • https://patchstack.com/database/vulnerability/coming-soon/wordpress-website-builder-plugin-6-15-20-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-22714 – WordPress Coming Soon by Supsystic Plugin <= 1.7.10 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-22714
Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Coming Soon by Supsystic plugin <= 1.7.10 versions. The Coming Soon by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.10. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke that function, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/coming-soon-by-supsystic/wordpress-coming-soon-by-supsystic-plugin-1-7-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-1322 – Coming Soon - Under Construction <= 1.1.9 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-1322
The Coming Soon - Under Construction WordPress plugin through 1.1.9 does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed El plugin Coming Soon - Under Construction de WordPress versiones hasta 1.1.9 no sanea ni escapa de algunas de sus configuraciones, lo que podría permitir a usuarios con altos privilegios llevar a cabo ataques de tipo Cross-Site Scripting incluso cuando unfiltered_html está deshabilitado The Coming Soon – Under Construction plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://wpscan.com/vulnerability/e1724471-26bd-4cb3-a279-51783102ed0c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-46781 – Coming Soon by Supsystic < 1.7.6 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-46781
The Coming Soon by Supsystic WordPress plugin before 1.7.6 does not sanitise and escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting El plugin Coming Soon by Supsystic de WordPress versiones anteriores a 1.7.6, no sanea y escapa del parámetro tab antes de devolverlo a un atributo en el panel de administración, conllevando a un ataque de tipo Cross-Site Scripting Reflejado • https://wpscan.com/vulnerability/49589867-f764-4c4a-b640-84973c673b23 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •