15 matches found
CVE-2023-7084
The Voting Record WordPress plugin through 2.0 is missing sanitisation as well as escaping, which could allow any authenticated user, such as a subscriber, to perform Stored XSS attacks...
CVE-2023-7083
The Voting Record WordPress plugin through 2.0 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack...
Cross site scripting
The Voting Record WordPress plugin through 2.0 is missing sanitisation as well as escaping, which could allow any authenticated user, such as a subscriber, to perform Stored XSS attacks...
Cross site request forgery (csrf)
The Voting Record WordPress plugin through 2.0 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack...
CVE-2023-7083 Voting Record <= 2.0 - Settings Update to Stored XSS via CSRF
The Voting Record WordPress plugin through 2.0 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack...
CVE-2023-7083
The CVE-2023-7083 entry concerns the Voting Record WordPress plugin (≤2.0). The issue arises from missing CSRF checks in certain areas and lack of sanitisation/escaping, enabling a logged-in administrator to store XSS payloads via CSRF. The description notes potential Stored XSS through a CSRF at...
CVE-2023-7084 Voting Record <= 2.0 - Subscriber+ Stored XSS
The Voting Record WordPress plugin through 2.0 is missing sanitisation as well as escaping, which could allow any authenticated user, such as a subscriber, to perform Stored XSS attacks...
CVE-2023-7084 Voting Record <= 2.0 - Subscriber+ Stored XSS
The Voting Record WordPress plugin through 2.0 is missing sanitisation as well as escaping, which could allow any authenticated user, such as a subscriber, to perform Stored XSS attacks...
CVE-2023-7084
CVE-2023-7084 affects the Voting Record WordPress plugin up to version 2.0. It enables Stored XSS via authenticated users (e.g., subscribers) due to missing sanitisation and escaping in the voting data handling. The Wordfence Intelligence entry notes an unpatched status for this vulnerability, an...
WordPress plugin Voting Record security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress plugin Voting Record security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress Voting Record Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Voting Record; Type: Plugin; Vulnerable versions: = 2.0; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-7083; Patch priority: Low; CVSS severity: Low (7.1); Developer: Claim ownership; PSID: 6107adacfb26; Credits: Daniel Ruf; Required...
WordPress Voting Record Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)
Software: Voting Record; Type: Plugin; Vulnerable versions: = 2.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-7084; Patch priority: Medium; CVSS severity: Medium (6.5); Developer: Claim ownership; PSID: 4244145376c3; Credits: Daniel Ruf; Required...
Voting Record <= 2.0 - Subscriber+ Stored XSS
Description: The plugin is missing sanitisation as well as escaping, which could allow any authenticated user, such as a subscriber, to perform Stored XSS attacks. Have a subscriber open an HTML file containing the following: ' ' document.forms0.submit; See the XSS when logged in as an admin and...
Voting Record <= 2.0 - Subscriber+ Stored XSS
Description: The plugin is missing sanitisation as well as escaping, which could allow any authenticated user, such as a subscriber, to perform Stored XSS attacks. PoC: Have a subscriber open an HTML file containing the following: See the XSS when logged in as an admin and viewing recorded votes...