CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32518 – WordPress WP Chinese Conversion Plugin <= 1.1.16 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-32518
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ono Oogami WP Chinese Conversion plugin <= 1.1.16 versions. Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada en el plugin WP Chinese Conversion de Ono Oogami que afecta a las versiones 1.1.16 e inferiores. Para explotar esta vulnerabilidad no hace falta estar autenticado. The WP Chinese Conversion plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.16 due to insufficient input sanitization and output escaping. • https://patchstack.com/database/vulnerability/wp-chinese-conversion/wordpress-wp-chinese-conversion-plugin-1-1-16-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4537 – Hide My WP Ghost – Security Plugin <= 5.0.18 - IP Address Spoofing to Protection Mechanism Bypass
https://notcve.org/view.php?id=CVE-2022-4537
The Hide My WP Ghost – Security Plugin plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 5.0.18. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address from logging in. • https://plugins.trac.wordpress.org/browser/hide-my-wp/tags/5.0.18/models/Brute.php#L131 https://plugins.trac.wordpress.org/browser/hide-my-wp/trunk/models/Brute.php#L132 https://www.wordfence.com/threat-intel/vulnerabilities/id/4cf89f94-587a-4fed-a6e4-3876b7dbc9ba?source=cve • CWE-345: Insufficient Verification of Data Authenticity CWE-348: Use of Less Trusted Source •