7 matches found
CVE-2024-11975
The Reactflow Visitor Recording and Heatmaps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpnonce' parameter in all versions up to, and including, 1.0.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacke...
CVE-2024-11975 Reactflow Visitor Recording and Heatmaps <= 1.0.10 - Reflected Cross-Site Scripting
The Reactflow Visitor Recording and Heatmaps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpnonce' parameter in all versions up to, and including, 1.0.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacke...
CVE-2024-11975
The CVE-2024-11975 entry concerns the Reactflow Visitor Recording and Heatmaps WordPress plugin. Affected versions: all up to and including 1.0.10. The issue is Cross-Site Request Forgery due to missing or incorrect nonce validation of the _wpnonce parameter. This CSRF allows unauthenticated atta...
CVE-2024-11975 Reactflow Visitor Recording and Heatmaps <= 1.0.10 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
The Reactflow Visitor Recording and Heatmaps plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.10. This is due to missing or incorrect nonce validation affecting the wpnonce parameter. This makes it possible for unauthenticated attackers to...
WordPress plugin Reactflow Visitor Recording and Heatmaps 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
PT-2024-17377 · WordPress · Reactflow Visitor Recording/Heatmaps
Name of the Vulnerable Software and Affected Versions: Reactflow Visitor Recording and Heatmaps plugin for WordPress versions up to, and including, 1.0.10 Description: The issue is due to missing or incorrect nonce validation affecting the wpnonce parameter. This allows unauthenticated attackers ...
WordPress Reactflow Visitor Recording and Heatmaps plugin <= 1.0.10 - Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Reactflow Visitor Recording and Heatmaps versions = 1.0.10...