Vulnerabilities (CVE)

Filtered by vendor Projectcaruso Subscribe
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-3966 1 Projectcaruso 1 Pray For Me 2024-11-21 N/A 6.1 MEDIUM
The Pray For Me WordPress plugin through 1.0.4 does not sanitise and escape some parameters, which could unauthenticated visitors to perform Cross-Site Scripting attacks that trigger when an admin visits the Prayer Requests in the WP Admin
CVE-2024-7691 1 Projectcaruso 1 Flaming Forms 2024-10-04 N/A 6.1 MEDIUM
The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators.
CVE-2024-7692 1 Projectcaruso 1 Flaming Forms 2024-10-04 N/A 6.1 MEDIUM
The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.