4 matches found
PT-2026-49435
Unauthenticated Broken Authentication in Simple Cloudflare Turnstile = 1.38.0 versions...
CVE-2023-5135
CVE-2023-5135 concerns the WordPress plugin “Simple Cloudflare Turnstile.” A stored XSS flaw exists in versions up to and including 1.23.1 due to insufficient input sanitization and output escaping on user-supplied attributes in the gravity-simple-turnstile shortcode. Exploitation requires an aut...
WordPress Simple Cloudflare Turnstile Plugin <= 1.23.1 is vulnerable to Cross Site Scripting (XSS)
Software Simple Cloudflare Turnstile Type Plugin Vulnerable versions = 1.23.1 Fixed in 1.23.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5135 Patch priority Low CVSS severity Low 6.5 Developer RelyWP PSID 89023cff61f7 Credits Lana Codes Required...
PT-2023-31787 · Cloudflare · Simple Cloudflare Turnstile
Name of the Vulnerable Software and Affected Versions: The Simple Cloudflare Turnstile plugin for WordPress versions up to, and including, 1.23.1 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes...