CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36692 – WordPress WP-Cirrus Plugin <= 0.6.11 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-36692
04 Jul 2023 — Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Christian Kramer & Hendrik Thole WP-Cirrus plugin <= 0.6.11 versions. Vulnerabilidad de Cross-Site Scripting (XSS) Almacenado en el plugin WP-Cirrus de Christian Kramer & Hendrik Thole que afecta a las versiones 0.6.11 e inferiores. Para explotar esta vulnerabilidad hace falta estar autenticado y tener permisos de administrador. The WP-Cirrus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions ... • https://patchstack.com/database/vulnerability/wp-cirrus/wordpress-wp-cirrus-plugin-0-6-11-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-34181 – WordPress WP-Cirrus Plugin <= 0.6.11 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-34181
30 May 2023 — Cross-Site Request Forgery (CSRF) vulnerability in WP-Cirrus plugin <= 0.6.11 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento WP-Cirrus en versiones <= 0.6.11. The WP-Cirrus plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.6.11. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke this function via a forged request granted they can tri... • https://patchstack.com/database/vulnerability/wp-cirrus/wordpress-wp-cirrus-plugin-0-6-11-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •