Filtered by vendor Wordpress Plugin Subscriptions
Total 4 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-5475 1 Wordpress Plugin 1 Responsive Video Embed 2024-11-21 5.4 Medium
The Responsive video embed WordPress plugin before 0.5.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2024-8044 2 Rubayathasan, Wordpress Plugin 2 Infolinks Ad Wrap, Infolinks Ad Wrap 2024-09-30 5.7 Medium
The infolinks Ad Wrap WordPress plugin through 1.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2024-8043 2 Seanschulte, Wordpress Plugin 2 Vikinghammer Tweet, Vikinghammer Tweet 2024-09-27 5.7 Medium
The Vikinghammer Tweet WordPress plugin through 0.2.4 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
CVE-2024-8051 2 Moc, Wordpress Plugin 2 Special Feed Items, Special Feed Items 2024-09-27 5.7 Medium
The Special Feed Items WordPress plugin through 1.0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.