CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5609 – Seraphinite Accelerator < 2.20.29 - Reflected XSS
https://notcve.org/view.php?id=CVE-2023-5609
27 Oct 2023 — The Seraphinite Accelerator WordPress plugin before 2.2.29 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin El complemento Seraphinite Accelerator de WordPress anterior a 2.2.29 no sanitiza ni escapa un parámetro antes de devolverlo a la página, lo que genera un ataque de Cross-Site Scripting reflejado que podría usarse contra usuarios con privilegios elevados, como admin... • https://wpscan.com/vulnerability/aac4bcc8-b826-4165-aed3-f422dd178692 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5610 – Seraphinite Accelerator < 2.20.29 - Authenticated Arbitrary Redirect
https://notcve.org/view.php?id=CVE-2023-5610
27 Oct 2023 — The Seraphinite Accelerator WordPress plugin before 2.2.29 does not validate the URL to redirect any authenticated user to, leading to an arbitrary redirect El complemento Seraphinite Accelerator de WordPress anterior a 2.2.29 no valida la URL para redirigir a cualquier usuario autenticado, lo que genera una redirección arbitraria. The Seraphinite Accelerator plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.20.28. This is due to insufficient validation on the redir... • https://wpscan.com/vulnerability/e880a9fb-b089-4f98-9781-7d946f22777e • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •