Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

wp-master

Source -

NVD

BOS Name -

N/A

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

5
Related CVEsRelated ProductsRelated AssignersReports
5Vulnerabilities found
CVE-2024-5170
Assigner-WPScan
ShareView Details
Assigner-WPScan
CVSS Score-5.7||MEDIUM
EPSS-0.07% / 22.59%
||
7 Day CHG~0.00%
Published-17 Sep, 2024 | 06:00
Updated-27 Sep, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Logo Manager For Enamad <= 0.7.1 - Admin+ Stored XSS via Widget

The Logo Manager For Enamad WordPress plugin through 0.7.1 does not sanitise and escape in its widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Action-Not Available
Vendor-wp-masterUnknownlogo_manager_for_enamad
Product-logo_manager_for_enamadLogo Manager For Enamadlogo_manager_for_enamad
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-4757
Assigner-WPScan
ShareView Details
Assigner-WPScan
CVSS Score-8.1||HIGH
EPSS-0.81% / 73.22%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 06:00
Updated-19 May, 2025 | 21:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Logo Manager For Enamad <= 0.7.0 - Stored XSS via CSRF

The Logo Manager For Enamad WordPress plugin through 0.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack

Action-Not Available
Vendor-wp-masterUnknownlogo_manager_for_enamad
Product-logo_manager_for_enamadLogo Manager For Enamadlogo_manager_for_enamad
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-3993
Assigner-WPScan
ShareView Details
Assigner-WPScan
CVSS Score-4.6||MEDIUM
EPSS-0.14% / 34.74%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 06:00
Updated-13 May, 2025 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AZAN Plugin <= 0.6 - Stored XSS via CSRF

The AZAN Plugin WordPress plugin through 0.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack

Action-Not Available
Vendor-wp-masterUnknownomid_shamloo
Product-azanAZAN Pluginazan_plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-25795
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-5.9||MEDIUM
EPSS-0.06% / 18.09%
||
7 Day CHG~0.00%
Published-20 Mar, 2023 | 10:28
Updated-13 Jan, 2025 | 15:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Feed Changer Plugin <= 0.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in WP-master.Ir Feed Changer & Remover plugin <= 0.2 versions.

Action-Not Available
Vendor-wp-masterWP-master.ir
Product-feed_changer_\&_removerFeed Changer & Remover
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-4307
Assigner-WPScan
ShareView Details
Assigner-WPScan
CVSS Score-6.1||MEDIUM
EPSS-0.38% / 58.66%
||
7 Day CHG~0.00%
Published-23 Jan, 2023 | 14:31
Updated-02 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Pardakht Delkhah < 2.9.3 - Unauthenticated Stored XSS

The پلاگین پرداخت دلخواه WordPress plugin before 2.9.3 does not sanitise and escape some parameters, allowing unauthenticated attackers to send a request with XSS payloads, which will be triggered when a high privilege users such as admin visits a page from the plugin.

Action-Not Available
Vendor-wp-masterUnknown
Product-pardakht-delkhahپلاگین پرداخت دلخواه
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')