Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-51655

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-19 Nov, 2024 | 16:32
Updated At-20 Nov, 2024 | 14:11
Rejected At-
Credits

WordPress Custom Author URL plugin <= 2.0.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Microkid Custom Author URL allows Stored XSS.This issue affects Custom Author URL: from n/a through 2.0.1.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:19 Nov, 2024 | 16:32
Updated At:20 Nov, 2024 | 14:11
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Custom Author URL plugin <= 2.0.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Microkid Custom Author URL allows Stored XSS.This issue affects Custom Author URL: from n/a through 2.0.1.

Affected Products
Vendor
Microkid
Product
Custom Author URL
Collection URL
https://wordpress.org/plugins
Package Name
author-slug
Default Status
unaffected
Versions
Affected
  • From n/a through 2.0.1 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-592CAPEC-592 Stored XSS
CAPEC ID: CAPEC-592
Description: CAPEC-592 Stored XSS
Solutions
Configurations
Workarounds
Exploits
Credits
finder
SOPROBRO (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/author-slug/wordpress-custom-author-url-plugin-2-0-1-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/vulnerability/author-slug/wordpress-custom-author-url-plugin-2-0-1-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:19 Nov, 2024 | 17:15
Updated At:19 Nov, 2024 | 21:57

Cross-Site Request Forgery (CSRF) vulnerability in Microkid Custom Author URL allows Stored XSS.This issue affects Custom Author URL: from n/a through 2.0.1.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-352Primaryaudit@patchstack.com
CWE ID: CWE-352
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/vulnerability/author-slug/wordpress-custom-author-url-plugin-2-0-1-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/vulnerability/author-slug/wordpress-custom-author-url-plugin-2-0-1-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

687Records found
CVE-2024-32549
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.23% / 45.97%
||
7 Day CHG~0.00%
Published-17 Apr, 2024 | 08:07
Updated-02 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Related Posts for WordPress plugin <= 4.0.3 - CSRF to XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Microkid Related Posts for WordPress allows Cross-Site Scripting (XSS).This issue affects Related Posts for WordPress: from n/a through 4.0.3.

Action-Not Available
Vendor-Microkid
Product-Related Posts for WordPress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2026-22355
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 2.89%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-27 Jan, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple XML Sitemap plugin <= 1.3 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in gregmolnar Simple XML Sitemap simple-xml-sitemap allows Stored XSS.This issue affects Simple XML Sitemap: from n/a through <= 1.3.

Action-Not Available
Vendor-gregmolnar
Product-Simple XML Sitemap
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-68885
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.46%
||
7 Day CHG~0.00%
Published-31 Dec, 2025 | 05:34
Updated-20 Jan, 2026 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Custom Post Status plugin <= 1.1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Page Carbajal Custom Post Status allows Stored XSS.This issue affects Custom Post Status: from n/a through 1.1.0.

Action-Not Available
Vendor-Page Carbajal
Product-Custom Post Status
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54429
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 30.49%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Aphorismus plugin <= 1.2.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Ivan Ovsyannikov Aphorismus allows Stored XSS.This issue affects Aphorismus: from n/a through 1.2.0.

Action-Not Available
Vendor-Ivan Ovsyannikov
Product-Aphorismus
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-56232
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 17.07%
||
7 Day CHG+0.02%
Published-31 Dec, 2024 | 10:05
Updated-31 Dec, 2024 | 16:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Nice Loader plugin <= 0.1.0.4 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Alexander Volkov WP Nice Loader allows Stored XSS.This issue affects WP Nice Loader: from n/a through 0.1.0.4.

Action-Not Available
Vendor-Alexander Volkov
Product-WP Nice Loader
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54386
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.07% / 22.09%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:14
Updated-16 Dec, 2024 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Push Monkey Pro plugin <= 3.9 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Get Push Monkey LLC Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart allows Cross Site Request Forgery.This issue affects Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart: from n/a through 3.9.

Action-Not Available
Vendor-Get Push Monkey LLC
Product-Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54434
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 30.49%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress phZoom plugin <= 1.2.92 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Phoetry phZoom allows Stored XSS.This issue affects phZoom: from n/a through 1.2.92.

Action-Not Available
Vendor-Phoetry
Product-phZoom
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53712
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.32%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-02 Dec, 2024 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Kevin's plugin <= 2.0.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Kevin McCabe Kevin's allows Stored XSS.This issue affects Kevin's: from n/a through 2.0.0.

Action-Not Available
Vendor-Kevin McCabe
Product-Kevin's
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53716
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.50%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-02 Dec, 2024 | 19:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress wp auto top plugin <= 2.9.3 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in overtrue wp auto top allows Stored XSS.This issue affects wp auto top: from n/a through 2.9.3.

Action-Not Available
Vendor-overtrue
Product-wp auto top
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53777
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 31.45%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-02 Dec, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Header and Footer plugin <= 1.0.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Alberto Reineri Simple Header and Footer allows Stored XSS.This issue affects Simple Header and Footer: from n/a through 1.0.0.

Action-Not Available
Vendor-Alberto Reineri
Product-Simple Header and Footer
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53728
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.50%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-02 Dec, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Protect Your Content plugin <= 1.0.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in SEO-Küche Internet Marketing GmbH & Co. KG Protect Your Content allows Stored XSS.This issue affects Protect Your Content: from n/a through 1.0.2.

Action-Not Available
Vendor-SEO-Küche Internet Marketing GmbH & Co. KG
Product-Protect Your Content
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54337
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 31.45%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 14:25
Updated-13 Dec, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress DX Dark Site plugin <= 1.0.1 - CSRF to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in DevriX DX Dark Site allows Stored XSS.This issue affects DX Dark Site: from n/a through 1.0.1.

Action-Not Available
Vendor-DevriX
Product-DX Dark Site
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54416
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 25.02%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Wp Login with Ajax plugin <= 0.6 - CSRF to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Navdeep Kumar Wp Login with Ajax allows Stored XSS.This issue affects Wp Login with Ajax: from n/a through 0.6.

Action-Not Available
Vendor-Navdeep Kumar
Product-Wp Login with Ajax
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53723
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.50%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-02 Dec, 2024 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Google Plus Share and +1 Button plugin <= 1.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in A.Cihangir BALTACI Google Plus Share and +1 Button allows Stored XSS.This issue affects Google Plus Share and +1 Button: from n/a through 1.0.

Action-Not Available
Vendor-A.Cihangir BALTACI
Product-Google Plus Share and +1 Button
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53722
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.50%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-02 Dec, 2024 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Favicon My Blog plugin <= 1.0.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Rockemmusic Favicon My Blog allows Stored XSS.This issue affects Favicon My Blog: from n/a through 1.0.2.

Action-Not Available
Vendor-Rockemmusic
Product-Favicon My Blog
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53732
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.50%
||
7 Day CHG~0.00%
Published-28 Nov, 2024 | 11:03
Updated-28 Nov, 2024 | 12:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Footer Flyout Widget plugin <= 1.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WP WOX Footer Flyout Widget allows Stored XSS.This issue affects Footer Flyout Widget: from n/a through 1.1.

Action-Not Available
Vendor-WP WOX
Product-Footer Flyout Widget
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54399
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 19.45%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:14
Updated-16 Dec, 2024 | 19:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CRUDLab Google Plus Button plugin <= 1.0.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab CRUDLab Google Plus Button allows Stored XSS.This issue affects CRUDLab Google Plus Button: from n/a through 1.0.2.

Action-Not Available
Vendor-CRUDLab
Product-CRUDLab Google Plus Button
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54436
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 30.48%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Jet Footer Code plugin <= 1.4 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Jettochkin Jet Footer Code allows Stored XSS.This issue affects Jet Footer Code: from n/a through 1.4.

Action-Not Available
Vendor-Jettochkin
Product-Jet Footer Code
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54394
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 28.57%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:14
Updated-16 Dec, 2024 | 19:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Mandrill WP plugin <= 1.0.5 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Web solution soft Mandrill WP allows Stored XSS.This issue affects Mandrill WP: from n/a through 1.0.5.

Action-Not Available
Vendor-Web solution soft
Product-Mandrill WP
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53730
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.04%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:43
Updated-02 Dec, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress April's Call Posts plugin <= 2.1.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Aaron Hodge Silver April's Call Posts allows Stored XSS. This issue affects April's Call Posts: from n/a through 2.1.1.

Action-Not Available
Vendor-Aaron Hodge Silver
Product-April's Call Posts
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54421
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 30.48%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Floating Video Player plugin <= 1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Sanjay Singh Negi Floating Video Player allows Stored XSS.This issue affects Floating Video Player: from n/a through 1.0.

Action-Not Available
Vendor-Sanjay Singh Negi
Product-Floating Video Player
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53762
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 31.45%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-02 Dec, 2024 | 19:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress FastBook plugin <= 1.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Faster Themes FastBook – Responsive Appointment Booking and Scheduling System allows Stored XSS.This issue affects FastBook – Responsive Appointment Booking and Scheduling System: from n/a through 1.1.

Action-Not Available
Vendor-Faster Themes
Product-FastBook – Responsive Appointment Booking and Scheduling System
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53718
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.50%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-02 Dec, 2024 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Multi Feed Reader plugin <= 2.2.4 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Eric Teubert Multi Feed Reader allows Stored XSS.This issue affects Multi Feed Reader: from n/a through 2.2.4.

Action-Not Available
Vendor-Eric Teubert
Product-Multi Feed Reader
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54392
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 28.57%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:14
Updated-16 Dec, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP微信机器人 plugin <= 5.3.5 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Midoks WP微信机器人 allows Stored XSS.This issue affects WP微信机器人: from n/a through 5.3.5.

Action-Not Available
Vendor-Midoks
Product-WP微信机器人
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53736
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 8.13%
||
7 Day CHG~0.00%
Published-28 Nov, 2024 | 11:01
Updated-28 Nov, 2024 | 12:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Custom Shortcode Sidebars plugin <= 1.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Jason Grim Custom Shortcode Sidebars allows Stored XSS.This issue affects Custom Shortcode Sidebars: from n/a through 1.2.

Action-Not Available
Vendor-Jason Grim
Product-Custom Shortcode Sidebars
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53778
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 8.13%
||
7 Day CHG~0.00%
Published-30 Nov, 2024 | 21:15
Updated-01 Dec, 2024 | 23:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Essential Breadcrumbs plugin <= 1.1.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Essential Marketer Essential Breadcrumbs allows Stored XSS.This issue affects Essential Breadcrumbs: from n/a through 1.1.1.

Action-Not Available
Vendor-Essential Marketer
Product-Essential Breadcrumbs
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54423
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 30.48%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Social Media Sharing plugin <= 1.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Jesse Overright Social Media Sharing allows Stored XSS.This issue affects Social Media Sharing: from n/a through 1.1.

Action-Not Available
Vendor-Jesse Overright
Product-Social Media Sharing
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54393
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 28.57%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:14
Updated-16 Dec, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Fiddle plugin <= 1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Sheikh Heera WP Fiddle allows Stored XSS.This issue affects WP Fiddle: from n/a through 1.0.

Action-Not Available
Vendor-Sheikh Heera
Product-WP Fiddle
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54391
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 28.57%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:14
Updated-16 Dec, 2024 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WordPress Filter plugin <= 1.4.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Matt Walters WordPress Filter allows Stored XSS.This issue affects WordPress Filter: from n/a through 1.4.1.

Action-Not Available
Vendor-Matt Walters
Product-WordPress Filter
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54428
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 30.48%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Add image to Post plugin <= 0.6 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in onigetoc Add image to Post allows Stored XSS.This issue affects Add image to Post: from n/a through 0.6.

Action-Not Available
Vendor-onigetoc
Product-Add image to Post
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54433
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 30.48%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Booking – Widget plugin <= 1.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Simple Booking Simple Booking Widget allows Stored XSS.This issue affects Simple Booking Widget: from n/a through 1.1.

Action-Not Available
Vendor-Simple Booking
Product-Simple Booking Widget
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53750
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 17.07%
||
7 Day CHG~0.00%
Published-01 Dec, 2024 | 21:21
Updated-01 Dec, 2024 | 23:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PayPal Responder plugin <= 1.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Maeve Lander PayPal Responder allows Stored XSS.This issue affects PayPal Responder: from n/a through 1.2.

Action-Not Available
Vendor-Maeve Lander
Product-PayPal Responder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54415
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.07% / 21.16%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP-HideThat plugin <= 1.2 - CSRF to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Cyle Conoly WP-HideThat allows Stored XSS.This issue affects WP-HideThat: from n/a through 1.2.

Action-Not Available
Vendor-Cyle Conoly
Product-WP-HideThat
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53755
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 31.45%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-02 Dec, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Third Party Cookie Eraser plugin <= 1.0.2 - CSRF to Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Andrea Pernici Third Party Cookie Eraser allows Stored XSS.This issue affects Third Party Cookie Eraser: from n/a through 1.0.2.

Action-Not Available
Vendor-Andrea Pernici
Product-Third Party Cookie Eraser
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54388
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.11% / 29.27%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:14
Updated-16 Dec, 2024 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Multiple Admin Emails plugin <= 1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Phuc Pham Multiple Admin Emails allows Cross Site Request Forgery.This issue affects Multiple Admin Emails: from n/a through 1.0.

Action-Not Available
Vendor-Phuc Pham
Product-Multiple Admin Emails
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53729
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.04%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-02 Dec, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Blizzard Quotes plugin <= 1.3 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Plumeria Web Design Blizzard Quotes allows Stored XSS.This issue affects Blizzard Quotes: from n/a through 1.3.

Action-Not Available
Vendor-Plumeria Web Design
Product-Blizzard Quotes
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54420
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.07% / 22.09%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Metrika plugin <= 1.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Aleksander Novikov Metrika allows Cross Site Request Forgery.This issue affects Metrika: from n/a through 1.2.

Action-Not Available
Vendor-Aleksander Novikov
Product-Metrika
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54425
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 30.49%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LionScripts: Site Maintenance plugin <= 2.1 - CSRF to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in LionScripts.com LionScripts: Site Maintenance & Noindex Nofollow Plugin allows Stored XSS.This issue affects LionScripts: Site Maintenance & Noindex Nofollow Plugin: from n/a through 2.1.

Action-Not Available
Vendor-LionScripts.com
Product-LionScripts: Site Maintenance & Noindex Nofollow Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53726
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.50%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-02 Dec, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress RealtyCandy IDX Broker Extended plugin <= 1.5.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Realty Candy RealtyCandy IDX Broker Extended allows Stored XSS.This issue affects RealtyCandy IDX Broker Extended: from n/a through 1.5.1.

Action-Not Available
Vendor-Realty Candy
Product-RealtyCandy IDX Broker Extended
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53719
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.50%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-02 Dec, 2024 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Zajax – Ajax Navigation plugin <= 0.4 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in onigetoc Zajax – Ajax Navigation allows Stored XSS.This issue affects Zajax – Ajax Navigation: from n/a through 0.4.

Action-Not Available
Vendor-onigetoc
Product-Zajax – Ajax Navigation
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53725
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.50%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-02 Dec, 2024 | 19:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Post Hits Counter plugin <= 2.8.23 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Script-Recipes Post Hits Counter allows Reflected XSS.This issue affects Post Hits Counter: from n/a through 2.8.23.

Action-Not Available
Vendor-Script-Recipes
Product-Post Hits Counter
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54414
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.07% / 21.16%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Geoportail Shortcode plugin <= 2.4.4 - CSRF to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in geoWP Geoportail Shortcode allows Stored XSS.This issue affects Geoportail Shortcode: from n/a through 2.4.4.

Action-Not Available
Vendor-geoWP
Product-Geoportail Shortcode
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54427
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 30.48%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Category of Posts plugin <= 1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Linda MacPhee-Cobb Category of Posts allows Stored XSS.This issue affects Category of Posts: from n/a through 1.0.

Action-Not Available
Vendor-Linda MacPhee-Cobb
Product-Category of Posts
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54426
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.07% / 21.16%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LeaderBoard Plugin plugin <= 1.2.4 - CSRF to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Andy Fradelakis LeaderBoard Plugin allows Stored XSS.This issue affects LeaderBoard Plugin: from n/a through 1.2.4.

Action-Not Available
Vendor-Andy Fradelakis
Product-LeaderBoard Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53711
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.32%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-02 Dec, 2024 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hotlink2Watermark plugin <= 0.3.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Jean-Marc BIANCA Hotlink2Watermark allows Stored XSS.This issue affects Hotlink2Watermark: from n/a through 0.3.2.

Action-Not Available
Vendor-Jean-Marc BIANCA
Product-Hotlink2Watermark
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53782
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 31.45%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-02 Dec, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Photo Video Store plugin <= 21.07 - CSRF to Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in CMSaccount Photo Video Store allows Cross-Site Scripting (XSS).This issue affects Photo Video Store: from n/a through 21.07.

Action-Not Available
Vendor-CMSaccount
Product-Photo Video Store
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54411
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 25.02%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Controller plugin <= 3.2.0 - CSRF to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in hosting.io, campaigns.io WP Controller allows Stored XSS.This issue affects WP Controller: from n/a through 3.2.0.

Action-Not Available
Vendor-hosting.io, campaigns.io
Product-WP Controller
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54439
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.07% / 21.16%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Amazon Product Price plugin <= 1.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Alok Tiwari Amazon Product Price allows Stored XSS.This issue affects Amazon Product Price: from n/a through 1.1.

Action-Not Available
Vendor-Alok Tiwari
Product-Amazon Product Price
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54405
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.07% / 21.16%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ECT Social Share plugin <= 1.3 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Andy Chapman ECT Social Share allows Stored XSS.This issue affects ECT Social Share: from n/a through 1.3.

Action-Not Available
Vendor-Andy Chapman
Product-ECT Social Share
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54407
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 28.57%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CK and SyntaxHighlighter plugin <= 3.4.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in 随意的风 CK and SyntaxHighlighter allows Stored XSS.This issue affects CK and SyntaxHighlighter: from n/a through 3.4.2.

Action-Not Available
Vendor-随意的风
Product-CK and SyntaxHighlighter
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 13
  • 14
  • Next
Details not found