4 matches found

CNNVD
added 2024/03/21 12:0 a.m. | 3 views

WordPress Plugin Crisp Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS: 6.5 | AI score: 7.4 | EPSS: 0.00317
Exploits: 0 | References: 2

WPVulnDB
added 2024/03/20 12:0 a.m. | 11 views

Crisp < 0.45 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Description: The Crisp plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.44 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrar...

CVSS: 6.5 | AI score: 5.9 | EPSS: 0.00317
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/03/13 12:0 a.m. | 7 views

WordPress Crisp Plugin <= 0.44 is vulnerable to Cross Site Scripting (XSS)

Software: Crisp; Type: Plugin; Vulnerable versions: <= 0.44; Fixed in: 0.45; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-27963; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: d24f23d72736; Credits: stealthcopter; Required privilege: Subscriber...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.00317
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2022/01/18 5:15 p.m. | 3 views

CVE-2021-43353

The Crisp Live Chat WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the crisppluginsettingspage function found in the /crisp.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 0.31...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.00608
Exploits: 0 | References: 2