Vulnerabilities (CVE)

Filtered by vendor Mooveagency Subscribe
Total 9 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-4521 1 Mooveagency 1 Import Xml And Rss Feeds 2024-11-21 N/A 9.8 CRITICAL
The Import XML and RSS Feeds WordPress plugin before 2.1.5 contains a web shell, allowing unauthenticated attackers to perform RCE. The plugin/vendor was not compromised and the files are the result of running a PoC for a previously reported issue (https://wpscan.com/vulnerability/d4220025-2272-4d5f-9703-4b2ac4a51c42) and not deleting the created files when releasing the new version.
CVE-2023-4300 1 Mooveagency 1 Import Xml And Rss Feeds 2024-11-21 N/A 7.2 HIGH
The Import XML and RSS Feeds WordPress plugin before 2.1.4 does not filter file extensions for uploaded files, allowing an attacker to upload a malicious PHP file, leading to Remote Code Execution.
CVE-2023-4150 1 Mooveagency 1 User Activity Tracking And Log 2024-11-21 N/A 4.3 MEDIUM
The User Activity Tracking and Log WordPress plugin before 4.0.9 does not have proper CSRF checks when managing its license, which could allow attackers to make logged in admins update and deactivate the plugin's license via CSRF attacks
CVE-2023-4013 1 Mooveagency 1 Gdpr Cookie Compliance 2024-11-21 N/A 6.5 MEDIUM
The GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) WordPress plugin before 4.12.5 does not have proper CSRF checks when managing its license, which could allow attackers to make logged in admins update and deactivate the plugin's license via CSRF attacks
CVE-2021-24287 1 Mooveagency 1 Select All Categories And Taxonomies\, Change Checkbox To Radio Buttons 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The settings page of the Select All Categories and Taxonomies, Change Checkbox to Radio Buttons WordPress plugin before 1.3.2 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue
CVE-2021-24286 1 Mooveagency 1 Redirect 404 To Parent 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The settings page of the Redirect 404 to parent WordPress plugin before 1.3.1 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue
CVE-2021-24247 1 Mooveagency 1 Contact Form Check Tester 2024-11-21 3.5 LOW 5.4 MEDIUM
The Contact Form Check Tester WordPress plugin through 1.0.2 settings are visible to all registered users in the dashboard and are lacking any sanitisation. As a result, any registered user, such as subscriber, can leave an XSS payload in the plugin settings, which will be triggered by any user visiting them, and could allow for privilege escalation. The vendor decided to close the plugin.
CVE-2020-24148 1 Mooveagency 1 Import Xml And Rss Feeds 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
Server-side request forgery (SSRF) in the Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1 for WordPress via the data parameter in a moove_read_xml action.
CVE-2019-25143 1 Mooveagency 1 Gdpr Cookie Compliance 2024-11-21 N/A 5.4 MEDIUM
The GDPR Cookie Compliance plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the gdpr_cookie_compliance_reset_settings AJAX action in versions up to, and including, 4.0.2. This makes it possible for authenticated attackers to reset all of the settings.