Filtered by vendor Mooveagency
Subscribe
Total
9 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-4521 | 1 Mooveagency | 1 Import Xml And Rss Feeds | 2024-11-21 | N/A | 9.8 CRITICAL |
The Import XML and RSS Feeds WordPress plugin before 2.1.5 contains a web shell, allowing unauthenticated attackers to perform RCE. The plugin/vendor was not compromised and the files are the result of running a PoC for a previously reported issue (https://wpscan.com/vulnerability/d4220025-2272-4d5f-9703-4b2ac4a51c42) and not deleting the created files when releasing the new version. | |||||
CVE-2023-4300 | 1 Mooveagency | 1 Import Xml And Rss Feeds | 2024-11-21 | N/A | 7.2 HIGH |
The Import XML and RSS Feeds WordPress plugin before 2.1.4 does not filter file extensions for uploaded files, allowing an attacker to upload a malicious PHP file, leading to Remote Code Execution. | |||||
CVE-2023-4150 | 1 Mooveagency | 1 User Activity Tracking And Log | 2024-11-21 | N/A | 4.3 MEDIUM |
The User Activity Tracking and Log WordPress plugin before 4.0.9 does not have proper CSRF checks when managing its license, which could allow attackers to make logged in admins update and deactivate the plugin's license via CSRF attacks | |||||
CVE-2023-4013 | 1 Mooveagency | 1 Gdpr Cookie Compliance | 2024-11-21 | N/A | 6.5 MEDIUM |
The GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) WordPress plugin before 4.12.5 does not have proper CSRF checks when managing its license, which could allow attackers to make logged in admins update and deactivate the plugin's license via CSRF attacks | |||||
CVE-2021-24287 | 1 Mooveagency | 1 Select All Categories And Taxonomies\, Change Checkbox To Radio Buttons | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The settings page of the Select All Categories and Taxonomies, Change Checkbox to Radio Buttons WordPress plugin before 1.3.2 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue | |||||
CVE-2021-24286 | 1 Mooveagency | 1 Redirect 404 To Parent | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The settings page of the Redirect 404 to parent WordPress plugin before 1.3.1 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue | |||||
CVE-2021-24247 | 1 Mooveagency | 1 Contact Form Check Tester | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
The Contact Form Check Tester WordPress plugin through 1.0.2 settings are visible to all registered users in the dashboard and are lacking any sanitisation. As a result, any registered user, such as subscriber, can leave an XSS payload in the plugin settings, which will be triggered by any user visiting them, and could allow for privilege escalation. The vendor decided to close the plugin. | |||||
CVE-2020-24148 | 1 Mooveagency | 1 Import Xml And Rss Feeds | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
Server-side request forgery (SSRF) in the Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1 for WordPress via the data parameter in a moove_read_xml action. | |||||
CVE-2019-25143 | 1 Mooveagency | 1 Gdpr Cookie Compliance | 2024-11-21 | N/A | 5.4 MEDIUM |
The GDPR Cookie Compliance plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the gdpr_cookie_compliance_reset_settings AJAX action in versions up to, and including, 4.0.2. This makes it possible for authenticated attackers to reset all of the settings. |