Show filters
20 Total Results
Displaying 11-20 of 20
Sort by:
Attacker Value
Unknown

CVE-2024-4086

Disclosure Date: May 02, 2024 (last updated January 05, 2025)
The CM Tooltip Glossary – Powerful Glossary Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.11. This is due to missing or incorrect nonce validation when saving settings. This makes it possible for unauthenticated attackers to change the plugin's settings or reset them via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
0
0
Attacker Value
Unknown

CVE-2024-31285

Disclosure Date: April 11, 2024 (last updated April 12, 2024)
Cross-Site Request Forgery (CSRF) vulnerability in Tooltip WordPress Tooltips allows Stored XSS.This issue affects WordPress Tooltips: from n/a through 9.5.3.
0
0
Attacker Value
Unknown

CVE-2024-30243

Disclosure Date: March 28, 2024 (last updated January 05, 2025)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tomas WordPress Tooltips.This issue affects WordPress Tooltips: from n/a before 9.4.5.
0
0
Attacker Value
Unknown

CVE-2023-25985

Disclosure Date: November 18, 2023 (last updated November 28, 2023)
Cross-Site Request Forgery (CSRF) vulnerability in Tomas | Docs | FAQ | Premium Support WordPress Tooltips.This issue affects WordPress Tooltips: from n/a through 8.2.5.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-25958

Disclosure Date: May 12, 2023 (last updated October 08, 2023)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Justin Saad Simple Tooltips plugin <= 2.1.4 versions.
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-4826

Disclosure Date: February 06, 2023 (last updated October 08, 2023)
The Simple Tooltips WordPress plugin before 2.1.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-24678

Disclosure Date: October 04, 2021 (last updated November 28, 2024)
The CM Tooltip Glossary WordPress plugin before 3.9.21 does not escape some glossary_tooltip shortcode attributes, which could allow users a role as low as Contributor to perform Stored Cross-Site Scripting attacks
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2018-1000505

Disclosure Date: June 26, 2018 (last updated November 26, 2024)
Tooltipy (tooltips for WP) version 5 contains a Cross ite Request Forgery (CSRF) vulnerability in Settings page that can result in could allow anybody to duplicate posts. This attack appear to be exploitable via Admin must follow a link. This vulnerability appears to have been fixed in 5.1.
0
0
Attacker Value
Unknown

CVE-2018-1000512

Disclosure Date: June 26, 2018 (last updated November 26, 2024)
Tooltipy Tooltipy (tooltips for WP) version 5 contains a Cross Site Scripting (XSS) vulnerability in Glossary shortcode that can result in could allow anybody to do almost anything an admin can. This attack appear to be exploitable via Admin must follow a link. This vulnerability appears to have been fixed in 5.1.
0
0
Attacker Value
Unknown

CVE-2016-1000132

Disclosure Date: October 10, 2016 (last updated November 25, 2024)
Reflected XSS in wordpress plugin enhanced-tooltipglossary v3.2.8
0
0
View More Topics  < Previous