CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38754 – WordPress Tagbox plugin <= 3.3 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-38754
11 Jul 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Tagbox Taggbox allows Cross Site Request Forgery.This issue affects Taggbox: from n/a through 3.3. The Taggbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action ... • https://patchstack.com/database/wordpress/plugin/taggbox-widget/vulnerability/wordpress-tagbox-plugin-3-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32552 – WordPress Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics plugin <= 3.2 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-32552
16 Apr 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tagbox Taggbox allows Stored XSS.This issue affects Taggbox: from n/a through 3.2. Neutralización inadecuada de la entrada durante la vulnerabilidad de generación de páginas web ('cross-site Scripting') en Tagbox Taggbox permite almacenar XSS. Este problema afecta a Taggbox: desde n/a hasta 3.2. The Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics plugin for WordPress is vulnerable to ... • https://patchstack.com/database/vulnerability/taggbox-widget/wordpress-tagbox-ugc-galleries-social-media-widgets-user-reviews-analytics-plugin-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52225 – WordPress Taggbox Plugin <= 3.1 is vulnerable to PHP Object Injection
https://notcve.org/view.php?id=CVE-2023-52225
05 Jan 2024 — Deserialization of Untrusted Data vulnerability in Tagbox Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics.This issue affects Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics: from n/a through 3.1. Vulnerabilidad de deserialización de datos no confiables en Tagbox Tagbox: galerías UGC, widgets de redes sociales, reseñas y análisis de usuarios. Este problema afecta a Tagbox: galerías UGC, widgets de redes sociales, reseñas y análisis de usuarios: desde n/a hasta 3.... • https://patchstack.com/database/vulnerability/taggbox-widget/wordpress-tagbox-widget-plugin-3-1-unauthenticated-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33215 – WordPress Taggbox plugin <= 3.3 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-33215
19 Oct 2023 — Missing Authorization vulnerability in Tagbox Taggbox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Taggbox: from n/a through 3.3. The Taggbox plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on an unknown function in versions up to, and including, 3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions. • https://patchstack.com/database/wordpress/plugin/taggbox-widget/vulnerability/wordpress-taggbox-ugc-galleries-social-media-widgets-user-reviews-analytics-plugin-2-9-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45763 – WordPress Taggbox Plugin <= 2.9 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-45763
16 Oct 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Taggbox plugin <= 2.9 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Taggbox en versiones <= 2.9. Cross-Site Request Forgery (CSRF) vulnerability in Taggbox plugin <= 2.9 versions. • https://patchstack.com/database/vulnerability/taggbox-widget/wordpress-taggbox-ugc-galleries-social-media-widgets-user-reviews-analytics-plugin-2-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33214 – WordPress Taggbox Plugin <= 3.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-33214
12 Oct 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Tagbox Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics.This issue affects Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics: from n/a through 3.1. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Tagbox agbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics. Este problema afecta a Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics: desde n/a hasta 3.1. The Taggbox p... • https://patchstack.com/database/vulnerability/taggbox-widget/wordpress-taggbox-ugc-galleries-social-media-widgets-user-reviews-analytics-plugin-2-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •