
CVE-2024-10472 – Stylish Price List < 7.1.12 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-10472
25 Mar 2025 — The Stylish Price List WordPress plugin before 7.1.12 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup). • https://wpscan.com/vulnerability/d79e5c05-26d0-4223-891f-42ac9fb6ef6e •

CVE-2023-51673 – WordPress Stylish Price List Plugin <= 7.0.17 is vulnerable to Broken Access Control
https://notcve.org/view.php?id=CVE-2023-51673
27 Dec 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Designful Stylish Price List – Price Table Builder & QR Code Restaurant Menu. This issue affects Stylish Price List – Price Table Builder & QR Code Restaurant Menu: from n/a through 7.0.17. The Stylish Pric... • https://patchstack.com/database/vulnerability/stylish-price-list/wordpress-stylish-price-list-plugin-7-0-17-broken-access-control-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) • CWE-862: Missing Authorization •

CVE-2021-24757 – Stylish Price List < 6.9.0 - Unauthenticated Arbitrary Image Upload
https://notcve.org/view.php?id=CVE-2021-24757
29 Sep 2021 — The Stylish Price List WordPress plugin before 6.9.0 does not perform capability checks in its spl_upload_ser_img AJAX action (available to both unauthenticated and authenticated users), which could allow unauthenticated users to upload images. • https://wpscan.com/vulnerability/352a9e05-2d5f-4bf7-8da9-85621fb15d91 • CWE-862: Missing Authorization • CWE-863: Incorrect Authorization •

CVE-2021-24770 – Stylish Price List < 6.9.1 - Subscriber+ Arbitrary Image Upload
https://notcve.org/view.php?id=CVE-2021-24770
29 Sep 2021 — The Stylish Price List WordPress plugin before 6.9.1 does not perform capability checks in its spl_upload_ser_img AJAX action (available to authenticated users), which could allow any authenticated user, such as a subscriber, to upload arbitrary images. • https://wpscan.com/vulnerability/4365c813-4bd7-4c7c-a15b-ef9a42d32b26 • CWE-862: Missing Authorization • CWE-863: Incorrect Authorization •