CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24700 – WordPress WP Editor plugin <= 1.2.8 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-24700
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benjamin Rojas WP Editor allows Reflected XSS.This issue affects WP Editor: from n/a through 1.2.8. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en WP Editor de Benjamin Rojas para WordPress permite XSS reflejado. Este problema afecta al WP Editor: desde n/a hasta 1.2.8. The WP Editor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/wp-editor/wordpress-wp-editor-plugin-1-2-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25591 – WordPress WP Editor plugin <=1.2.7 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-25591
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Benjamin Rojas WP Editor.This issue affects WP Editor: from n/a through 1.2.7. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Benjamin Rojas WP Editor. Este problema afecta al WP Editor: desde n/a hasta 1.2.7. The WP Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.7 via the plugin's log file. This makes it possible for unauthenticated attackers to extract sensitive data including configuration information. • https://patchstack.com/database/vulnerability/wp-editor/wordpress-wp-editor-plugin-1-2-7-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24367 – WP Config File Editor <= 1.7.1 - Authenticated Stored Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24367
The WP Config File Editor WordPress plugin through 1.7.1 was affected by an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. El plugin de WordPress WP Config File Editor versiones hasta 1.7.1, estaba afectado por una vulnerabilidad de tipo Cross-Site Scripting (XSS) Almacenada y Autenticada • https://wpscan.com/vulnerability/f35b7c8f-cfb6-42b6-8a3a-8c07cd1e9da0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9336
https://notcve.org/view.php?id=CVE-2017-9336
The WP Editor.MD plugin 1.6 for WordPress has a stored XSS vulnerability in the content of a post. El plugin WP Editor.MD versión 1.6 para WordPress, tiene una vulnerabilidad de tipo cross-site scripting (XSS) almacenado en el contenido de un mensaje. • http://lncken.cn/?p=258 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10877 – WP Editor <= 1.2.6.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-10877
The wp-editor plugin before 1.2.6.3 for WordPress has multiple XSS issues. El plugin wp-editor anterior a la versión 1.2.6.3 para WordPress tiene múltiples problemas de XSS. • https://wordpress.org/plugins/wp-editor/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •