Search Results | AttackerKB

Show filters

Topics 3 Users 9,713

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

3 Total Results

Displaying 1-3 of 3

Attacker Value

Unknown

CVE-2024-9208

Disclosure Date: January 07, 2025 (last updated January 07, 2025)

The Enable Accessibility plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2023-30484

Disclosure Date: May 25, 2023 (last updated October 08, 2023)

Cross-Site Request Forgery (CSRF) vulnerability in uPress Enable Accessibility plugin <= 1.4 versions.

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2022-47149

Disclosure Date: May 25, 2023 (last updated November 08, 2023)

Cross-Site Request Forgery (CSRF) vulnerability in Pretty Links plugin <= 3.4.0 versions.

Attack Vector: Network Privileges: None User Interaction: Required

0