Lucene search
K

12 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2021-30290

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.00608EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 9:36 p.m.6 views

CVE-2021-43353

The Crisp Live Chat WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the crisppluginsettingspage function found in the /crisp.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 0.31...

8.8CVSS6.8AI score0.00608EPSS
Exploits0
CNVD
CNVD
added 2022/01/21 12:0 a.m.61 views

WordPress Crisp Live Chat plugin cross-site scripting vulnerability

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Crisp Live Chat plugin, which stems from a...

8.8CVSS1.5AI score0.00608EPSS
Exploits0References1
NVD
NVD
added 2022/01/18 5:15 p.m.27 views

CVE-2021-43353

The Crisp Live Chat WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the crisppluginsettingspage function found in the /crisp.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 0.31...

8.8CVSS0.00608EPSS
Exploits0References2
OSV
OSV
added 2022/01/18 5:15 p.m.3 views

CVE-2021-43353

The Crisp Live Chat WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the crisppluginsettingspage function found in the /crisp.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 0.31...

8.8CVSS5.8AI score0.00608EPSS
Exploits0References2
Prion
Prion
added 2022/01/18 5:15 p.m.17 views

Cross site request forgery (csrf)

The Crisp Live Chat WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the crisppluginsettingspage function found in the /crisp.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 0.31...

6.8CVSS8.5AI score0.00608EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/01/18 4:52 p.m.62 views

CVE-2021-43353

The CVE-2021-43353 entry concerns the WordPress Crisp Live Chat plugin, where a Cross-Site Request Forgery (CSRF) vulnerability arises from missing nonce validation in the crisp_plugin_settings_page function (crisp.php), affecting versions up to 0.31. This CSRF flaw enables an attacker to inject ...

8.8CVSS8.7AI score0.00608EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/01/18 4:52 p.m.8 views

CVE-2021-43353 Crisp Live Chat <= 0.31 Cross-Site Request Forgery to Stored Cross-Site Scripting

The Crisp Live Chat WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the crisppluginsettingspage function found in the /crisp.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 0.31...

8.8CVSS8.7AI score0.00608EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/01/18 4:52 p.m.28 views

CVE-2021-43353 Crisp Live Chat <= 0.31 Cross-Site Request Forgery to Stored Cross-Site Scripting

The Crisp Live Chat WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the crisppluginsettingspage function found in the /crisp.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 0.31...

8.8CVSS8.8AI score0.00608EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/01/18 12:0 a.m.3 views

WordPress plugin 跨站请求伪造漏洞

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Crisp Live Chat plugin, which stems from a...

8.8CVSS5.3AI score0.00608EPSS
Exploits0References3
Patchstack
Patchstack
added 2021/12/16 12:0 a.m.24 views

WordPress Crisp Live Chat plugin <= 0.31 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)

Cross-Site Request Forgery CSRF vulnerability leading to Stored Cross-Site Scripting XSS discovered by José Aguilera in WordPress Crisp Live Chat plugin versions = 0.31. Solution Update the WordPress Crisp Live Chat plugin to the latest available version at least 0.32...

8.8CVSS1.9AI score0.00608EPSS
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2021/12/16 12:0 a.m.27 views

Crisp Live Chat < 0.32 - CSRF to Stored Cross-Site Scripting

The plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the crisppluginsettingspage function found in the /crisp.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 0.31...

8.8CVSS3.8AI score0.00608EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder