Show filters
17 Total Results
Displaying 1-10 of 17
Sort by:
Attacker Value
Unknown

CVE-2023-28995

Disclosure Date: July 10, 2023 (last updated October 08, 2023)
Cross-Site Request Forgery (CSRF) vulnerability in Keith Solomon Configurable Tag Cloud (CTC) plugin <= 5.2 versions.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-23875

Disclosure Date: May 03, 2023 (last updated October 08, 2023)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Himanshu Bing Site Verification plugin using Meta Tag plugin <= 1.0 versions.
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-23815

Disclosure Date: April 06, 2023 (last updated November 08, 2023)
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Alan Jackson Multi-column Tag Map plugin <= 17.0.24 versions.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-36417

Disclosure Date: September 22, 2022 (last updated October 08, 2023)
Multiple Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in 3D Tag Cloud plugin <= 3.8 at WordPress.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-2412

Disclosure Date: August 08, 2022 (last updated October 08, 2023)
The Better Tag Cloud WordPress plugin through 0.99.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-2411

Disclosure Date: August 08, 2022 (last updated October 08, 2023)
The Auto More Tag WordPress plugin through 4.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-31560

Disclosure Date: July 11, 2022 (last updated October 07, 2023)
The uncleYiba/photo_tag repository through 2020-08-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-29243

Disclosure Date: December 28, 2020 (last updated February 22, 2025)
dhowden tag before 2020-11-19 allows "panic: runtime error: index out of range" via readAPICFrame.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-29242

Disclosure Date: December 28, 2020 (last updated February 22, 2025)
dhowden tag before 2020-11-19 allows "panic: runtime error: index out of range" via readPICFrame.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-29245

Disclosure Date: December 28, 2020 (last updated February 22, 2025)
dhowden tag before 2020-11-19 allows "panic: runtime error: slice bounds out of range" via readAtomData.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
View More Topics  Next >