Search Results (87 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-1547 1 Wpchill 1 Check \& Log Email 2024-11-21 6.1 Medium
The Check & Log Email WordPress plugin before 1.0.6 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting
CVE-2022-1054 1 Wpchill 1 Rsvp And Event Management 2024-11-21 5.3 Medium
The RSVP and Event Management Plugin WordPress plugin before 2.7.8 does not have any authorisation checks when exporting its entries, and has the export function hooked to the init action. As a result, unauthenticated attackers could call it and retrieve PII such as first name, last name and email address of user registered for events
CVE-2021-25050 1 Wpchill 1 Remove Footer Credit 2024-11-21 4.8 Medium
The Remove Footer Credit WordPress plugin before 1.0.11 does properly sanitise its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.
CVE-2021-24908 1 Wpchill 1 Check \& Log Email 2024-11-21 6.1 Medium
The Check & Log Email WordPress plugin before 1.0.4 does not escape the d parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting
CVE-2021-24774 1 Wpchill 1 Check \& Log Email 2024-11-21 7.2 High
The Check & Log Email WordPress plugin before 1.0.3 does not validate and escape the "order" and "orderby" GET parameters before using them in a SQL statement when viewing logs, leading to SQL injections issues
CVE-2021-24446 1 Wpchill 1 Remove Footer Credit 2024-11-21 5.4 Medium
The Remove Footer Credit WordPress plugin before 1.0.6 does not have CSRF check in place when saving its settings, which could allow attacker to make logged in admins change them and lead to Stored XSS issue as well due to the lack of sanitisation
CVE-2020-8549 1 Wpchill 1 Strong Testimonials 2024-11-21 6.1 Medium
Stored XSS in the Strong Testimonials plugin before 2.40.1 for WordPress can result in an attacker performing malicious actions such as stealing session tokens.