Show filters
53 Total Results
Displaying 41-50 of 53
Sort by:
Attacker Value
Unknown

CVE-2021-46780

Disclosure Date: April 25, 2022 (last updated February 23, 2025)
The Easy Google Maps WordPress plugin before 1.9.32 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-39346

Disclosure Date: November 01, 2021 (last updated February 23, 2025)
The Google Maps Easy WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/modules/marker_groups/views/tpl/mgrEditMarkerGroup.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.9.33. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
0
0
Attacker Value
Unknown

CVE-2021-24274

Disclosure Date: May 05, 2021 (last updated February 22, 2025)
The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-24276

Disclosure Date: May 05, 2021 (last updated February 22, 2025)
The Contact Form by Supsystic WordPress plugin before 1.7.15 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-24275

Disclosure Date: May 05, 2021 (last updated February 22, 2025)
The Popup by Supsystic WordPress plugin before 1.10.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-12075

Disclosure Date: April 23, 2020 (last updated February 21, 2025)
The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks capability checks for AJAX actions.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-12076

Disclosure Date: April 23, 2020 (last updated February 21, 2025)
The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks CSRF nonce checks for AJAX actions. One consequence of this is stored XSS.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-9392

Disclosure Date: March 23, 2020 (last updated February 21, 2025)
An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. Because there is no permission check on the ImportJSONTable, createFromTpl, and getJSONExportTable endpoints, unauthenticated users can retrieve pricing table information, create new tables, or import/modify a table.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-9394

Disclosure Date: February 25, 2020 (last updated February 21, 2025)
An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows CSRF.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-9393

Disclosure Date: February 25, 2020 (last updated February 21, 2025)
An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows XSS.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
View More Topics  < Previous  Next >