Search
Search Results (26 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-1023 | 1 Joomunited | 1 Wp Meta Seo | 2025-01-13 | 5.4 Medium |
| The WP Meta SEO plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the saveSitemapSettings function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to change sitemap-related settings of the plugin. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role. | ||||
| CVE-2023-1022 | 1 Joomunited | 1 Wp Meta Seo | 2025-01-13 | 5.4 Medium |
| The WP Meta SEO plugin for WordPress is vulnerable to unauthorized options update due to a missing capability check on the wpmsGGSaveInformation function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to update google analytics options maintained by the plugin. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role. | ||||
| CVE-2022-47602 | 1 Joomunited | 1 Wp Table Manager | 2025-01-10 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in JoomUnited WP Table Manager plugin <= 3.5.2 versions. | ||||
| CVE-2024-22148 | 1 Joomunited | 1 Wp-smart-editor | 2024-11-21 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Smart Editor JoomUnited allows Reflected XSS.This issue affects JoomUnited: from n/a through 1.3.3. | ||||
| CVE-2022-1093 | 1 Joomunited | 1 Wp Meta Seo | 2024-11-21 | 4.8 Medium |
| The WP Meta SEO WordPress plugin before 4.4.7 does not sanitise or escape the breadcrumb separator before outputting it to the page, allowing a high privilege user such as an administrator to inject arbitrary javascript into the page even when unfiltered html is disallowed. | ||||
| CVE-2016-10913 | 1 Joomunited | 1 Wp Latest Posts | 2024-11-21 | N/A |
| The wp-latest-posts plugin before 3.7.5 for WordPress has XSS. | ||||