PT-2025-15672 · WordPress · Wp Multitasking

Name of the Vulnerable Software and Affected Versions: WP MultiTasking WordPress plugin versions 0.1.12 and earlier Description: The issue concerns a lack of CSRF check when updating Header, Footer, and Body Script Settings. This could allow attackers to make logged-in admins perform such actions...

WordPress plugin WP MultiTasking 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress WP MultiTasking plugin <= 0.1.17 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Michelle Porter in WordPress Plugin WP MultiTasking versions = 0.1.17...

WordPress WP MultiTasking Plugin <= 0.1.17 is vulnerable to Cross Site Scripting (XSS)

Software WP MultiTasking Type Plugin Vulnerable versions = 0.1.17 Fixed in 0.1.18 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8189 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 7a7b5f41d3b0 Credits Michelle Porter Requir...

CVE-2024-8189

The WP MultiTasking – WP Utilities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpmtmenuname’ parameter in all versions up to, and including, 0.1.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2024-8189 WP MultiTasking - WP Utilities <= 0.1.17 - Authenticated (Administrator+) Stored Cross-Site Scripting

The WP MultiTasking – WP Utilities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpmtmenuname’ parameter in all versions up to, and including, 0.1.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2024-6856

The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVE-2024-6852

The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVE-2024-6853

The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating welcome popups, which could allow attackers to make logged admins perform such action via a CSRF attack...

CVE-2024-6853

The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating welcome popups, which could allow attackers to make logged admins perform such action via a CSRF attack...

CVE-2024-6855

The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating exit popups, which could allow attackers to make logged admins perform such action via a CSRF attack...

CVE-2024-6859 WP MultiTasking <= 0.1.12 - Reflected XSS via Shortcode

The WP MultiTasking WordPress plugin through 0.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2024-6853

The CVE CVE-2024-6853 concerns WP MultiTasking for WordPress, affected in versions

CVE-2024-6852

CVE-2024-6852 concerns the WordPress plugin WP MultiTasking (versions ≤ 0.1.12). The issue is a missing CSRF check when updating plugin settings, which could allow an attacker to force a logged-in admin to modify settings via CSRF. Public sources in connected documents confirm the root cause as l...

CVE-2024-6856 WP MultiTasking <= 0.1.12 - SMTP Settings Update via CSRF

The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVE-2024-6859

CVE-2024-6859 affects WP MultiTasking ≤ 0.1.12 (WP Utilities) and is described in Red Hat/NVD entries as a Stored XSS via shortcode attributes. The root cause is lack of validation/escaping of shortcode attributes before output, enabling users with the contributor role or higher to inject script ...

CVE-2024-6852 WP MultiTasking <= 0.1.12 - Settings Update via CSRF

The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVE-2024-6855 WP MultiTasking <= 0.1.12 - Exit Popup Update via CSRF

The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating exit popups, which could allow attackers to make logged admins perform such action via a CSRF attack...

CVE-2024-6856

CVE-2024-6856 affects the WordPress plugin WP MultiTasking (versions up to 0.1.12). The root cause is a missing CSRF check when updating plugin settings, enabling a logged-in attacker to modify settings through a CSRF attack. Exploitation details are not provided beyond this description in the co...

WordPress plugin WP MultiTasking 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...