Lucene search
K

30 matches found

Cvelist
Cvelist
added 2022/05/20 7:55 p.m.19 views

CVE-2021-36833 WordPress MC4WP plugin <= 4.8.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated admin or higher user role Stored Cross-Site Scripting XSS vulnerability in ibericode's MC4WP plugin = 4.8.6 at WordPress...

4.8CVSS5AI score0.00489EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/05/20 7:55 p.m.4 views

CVE-2021-36833 WordPress MC4WP plugin <= 4.8.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated admin or higher user role Stored Cross-Site Scripting XSS vulnerability in ibericode's MC4WP plugin = 4.8.6 at WordPress...

4.8CVSS4.8AI score0.00489EPSS
Exploits0References2
CVE
CVE
added 2022/05/20 7:55 p.m.84 views

CVE-2021-36833

Summary: CVE-2021-36833 describes an authenticated stored XSS in WordPress MC4WP plugin (ibericode) version

4.8CVSS4.8AI score0.00489EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/05/20 12:0 a.m.4 views

PT-2022-10570 · WordPress · Mc4Wp

Name of the Vulnerable Software and Affected Versions: MC4WP plugin versions = 4.8.6 Description: The issue is an Authenticated Stored Cross-Site Scripting XSS vulnerability. It affects users with admin or higher roles. There is no information provided about the estimated number of potentially...

4.8CVSS4.7AI score0.00489EPSS
Exploits0References5
WPVulnDB
WPVulnDB
added 2022/03/02 12:0 a.m.16 views

MC4WP < 4.8.7 - Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitise from data, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Create a form and put the following payload in the Form Code textarea: The XSS will be triggered...

2.5AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/02 12:0 a.m.27 views

MC4WP < 4.8.7 - Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitise form data, which could allow high privilege users to perform Cross-Site Scripting attacks when unfilteredhtml is disallowed...

4.8CVSS3.5AI score0.00489EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/03/02 12:0 a.m.29 views

WordPress MC4WP plugin <= 4.8.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas Patchstack Alliance in WordPress MC4WP plugin versions = 4.8.6. Solution Update the WordPress MC4WP plugin to the latest available version at least 4.8.7...

4.8CVSS3.1AI score0.00489EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2021/06/01 12:0 a.m.8 views

WordPress MC4WP plugin <= 4.8.4 - Authenticated Arbitrary Redirect vulnerability

Authenticated Arbitrary Redirect vulnerability discovered by WPScanTeam in WordPress MC4WP plugin versions = 4.8.4. Solution Update the WordPress MC4WP plugin to the latest available version at least 4.8.5...

3.4AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2021/06/01 12:0 a.m.7 views

WordPress MC4WP plugin <= 4.8.4 - Unauthorised Actions via Cross-Site Request Forgery (CSRF) vulnerability

Unauthorised Actions via Cross-Site Request Forgery CSRF vulnerability discovered by WPScanTeam in WordPress MC4WP plugin versions = 4.8.4. Solution Update the WordPress MC4WP plugin to the latest available version at least 4.8.5...

4.4AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2016/12/09 12:0 a.m.13 views

MailChimp for WordPress <= 4.0.10 - Authenticated Cross-Site Scripting (XSS)

The MC4WP: Mailchimp for WordPress WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.8AI score0.00923EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder