WordPress CM Table Of Contents plugin < 1.2.4 - Stored XSS via CSRF vulnerability
Stored XSS via CSRF vulnerability discovered by Felipe Caon in WordPress Plugin CM Table Of Contents – WordPress TOC Plugin versions < 1.2.4...
WordPress CM Table Of Contents – WordPress TOC Plugin Plugin < 1.2.4 is vulnerable to Cross Site Scripting (XSS)
Software: CM Table Of Contents – WordPress TOC Plugin; Type: Plugin; Vulnerable versions: < 1.2.4; Fixed in: 1.2.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5029; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 7d80877428bb...
PT-2024-34114 · WordPress · Cm Table Of Contents
Name of the Vulnerable Software and Affected Versions: CM Table Of Contents WordPress plugin versions prior to 1.2.4 Description: The issue concerns a lack of CSRF check when updating settings, as well as missing sanitization and escaping. This could allow attackers to make logged-in admins add...
WordPress CM Table Of Contents – WordPress TOC Plugin plugin < 1.2.3 - Settings Reset via CSRF vulnerability
Settings Reset via CSRF vulnerability discovered by Felipe Caon in WordPress Plugin CM Table Of Contents – WordPress TOC Plugin versions < 1.2.3...
PT-2024-34125 · WordPress · Cm Table Of Contents
Name of the Vulnerable Software and Affected Versions: CM Table Of Contents WordPress plugin versions prior to 1.2.3 Description: The issue concerns a lack of CSRF check when resetting settings, which could allow attackers to make a logged-in admin perform such an action via a CSRF attack...
WordPress Table of Contents Plus plugin <= 2411 - Editor+ Stored XSS vulnerability
Editor+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Table of Contents Plus versions <= 2411...
CVE-2024-5578
The Table of Contents Plus WordPress plugin through 2408 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...
CVE-2024-5578
The CVE-2024-5578 entry concerns Table of Contents Plus (WordPress plugin) up to version 2408. Connected sources confirm a root cause of insufficient sanitisation/escaping of some plugin settings, enabling stored XSS by high-privilege users (e.g., editors) and while unfiltered_html is disallowed....
WordPress Table of Contents Plus Plugin <= 2411 is vulnerable to Cross Site Scripting (XSS)
Software: Table of Contents Plus; Type: Plugin; Vulnerable versions: <= 2411; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5578; Patch priority: Low; CVSS severity: Low 6.5; PSID: 487fd7341438; Credits: Dmitrii Ignatyev...
PT-2024-36585 · WordPress · Table Of Contents Plus
Name of the Vulnerable Software and Affected Versions: Table of Contents Plus WordPress plugin versions through 2408 Description: The Table of Contents Plus WordPress plugin does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform...
CVE-2024-49250
Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Table of Contents Plus table-of-contents-plus allows Cross Site Request Forgery. This issue affects Table of Contents Plus: from n/a through <= 2408...
CVE-2024-49250 WordPress Table of Contents Plus plugin <= 2408 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Table of Contents Plus table-of-contents-plus allows Cross Site Request Forgery. This issue affects Table of Contents Plus: from n/a through <= 2408...
CVE-2024-49250 WordPress Table of Contents Plus plugin <= 2408 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Michael Tran Table of Contents Plus allows Cross Site Request Forgery. This issue affects Table of Contents Plus: from n/a through 2408...
CVE-2024-49250
CVE-2024-49250 describes a CSRF vulnerability in WordPress Table of Contents Plus. The initial record and connected sources identify Table of Contents Plus as affected, with references noting CSRF across versions n/a–2408 (and related entries citing versions up to 2411.1 in Patchstack data). The ...
PT-2024-33388 · Michael Tran · Table Of Contents Plus
Name of the Vulnerable Software and Affected Versions: Table of Contents Plus versions n/a through 2408 Description: A Cross-Site Request Forgery CSRF issue is found in Michael Tran's Table of Contents Plus, allowing malicious activities. This issue enables Cross Site Request Forgery...
WordPress Table of Contents Plus plugin <= 2408 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin Table of Contents Plus versions <= 2408...
WordPress Table of Contents Plus Plugin <= 2411.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Table of Contents Plus; Type: Plugin; Vulnerable versions: <= 2411.1; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-49250; Patch priority: Low; CVSS severity: Low 4.3; PSID: 0206b95f1f9a; Credits: Rafie Muhamma...
WordPress easy-table-of-contents plugin < 2.0.68 - Editor+ Stored XSS vulnerability
Editor+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Easy Table of Contents versions < 2.0.68...
CVE-2024-7082
The Easy Table of Contents WordPress plugin before 2.0.68 does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks...