
7 matches found

OSV
added 2023/08/30 3:15 p.m., 2 views

CVE-2023-3356

The Subscribers Text Counter WordPress plugin before 1.7.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack, which could also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping...

CVSS 4.3, AI score 5.8, EPSS 0.00088
Exploits: 2, References: 1
Prion
added 2023/08/30 3:15 p.m., 19 views

Cross site scripting

The Subscribers Text Counter WordPress plugin before 1.7.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack, which could also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping...

CVSS 4.3, AI score 4.6, EPSS 0.00088
Exploits: 2, References: 1, Affected Software: 1
Vulnrichment
added 2023/08/30 2:21 p.m., 12 views

CVE-2023-3356 Subscribers Text Counter < 1.7.1 - Settings Update via CSRF to Stored XSS

The Subscribers Text Counter WordPress plugin before 1.7.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack, which could also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping...

AI score 6, EPSS 0.00088
Exploits: 2, References: 1
CVE
added 2023/08/30 2:21 p.m., 41 views

CVE-2023-3356

CVE-2023-3356 affects the Subscribers Text Counter WordPress plugin (pre-1.7.1). The issue is a CSRF vulnerability that allows an authenticated attacker (logged-in admin) to update plugin settings without proper CSRF protection, which can lead to Stored XSS due to insufficient sanitisation/escapi...

CVSS 4.3, AI score 4.6, EPSS 0.00088
Exploits: 2, References: 1, Affected Software: 1
CNNVD
added 2023/08/30 12:00 a.m., 3 views

WordPress plugin Subscribers Text Counter cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 4.3, AI score 6.2, EPSS 0.00088
Exploits: 2, References: 2
Positive Technologies
added 2023/08/30 12:00 a.m., 4 views

PT-2023-24385 · WordPress · Subscribers Text Counter

Name of the Vulnerable Software and Affected Versions: Subscribers Text Counter WordPress plugin versions prior to 1.7.1

Description: The issue is related to the lack of a CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. This...

CVSS 4.3, AI score 5, EPSS 0.00088
Exploits: 2, References: 5
WPVulnDB
added 2023/08/04 12:00 a.m., 14 views

Subscribers Text Counter < 1.7.1 - Settings Update via CSRF to Stored XSS

Description: The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack, which could also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping.

PoC: Create an HTML file with the...

CVSS 4.3, AI score 4.4, EPSS 0.00088
Exploits: 2, Affected Software: 1