The Fetch JFT plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
4.4CVSS
5.7AI Score
0.0004EPSS
Inefficient Regular Expression Complexity in GitHub repository node-fetch/node-fetch prior to...
5.9CVSS
5.5AI Score
0.001EPSS
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository lquixada/cross-fetch prior to...
6.5CVSS
6.2AI Score
0.001EPSS
6.1CVSS
6.6AI Score
0.004EPSS
node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no...
5.3CVSS
5.3AI Score
0.001EPSS
Integer overflow in fetch on FreeBSD 4.1 through 5.3 allows remote malicious servers to execute arbitrary code via certain HTTP headers in an HTTP response, which lead to a buffer...
8AI Score
0.005EPSS