Lucene search
K

35 matches found

Patchstack
Patchstack
added 2024/10/15 12:0 a.m.11 views

WordPress WP VR Plugin <= 8.5.4 is vulnerable to Broken Access Control

Software WP VR Type Plugin Vulnerable versions = 8.5.4 Fixed in 8.5.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-49293 Patch priority Low CVSS severity Low 4.3 Developer WPFunnels Team PSID ece40c2ceb73 Credits Trương Hữu Phúc truonghuuphuc Required...

5.4CVSS6.5AI score0.00255EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/05/23 6:0 a.m.82 views

CVE-2024-2220

CVE-2024-2220 affects the Button contact VR WordPress plugin (versions up to 4.7). The issue is Stored XSS due to insufficient sanitisation/escaping of plugin settings, enabling high-privilege users (e.g., Administrators) to inject script, potentially in multisite setups where unfiltered_html is ...

3.5CVSS3.7AI score0.0033EPSS
Exploits2References1Affected Software1
NVD
NVD
added 2024/01/08 7:15 p.m.36 views

CVE-2023-6529

The WP VR WordPress plugin before 8.3.15 does not authorisation and CSRF in a function hooked to admininit, allowing unauthenticated users to downgrade the plugin, thus leading to Reflected or Stored XSS, as previous versions have such vulnerabilities...

6.1CVSS6.4AI score0.00219EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/01/08 7:0 p.m.7 views

CVE-2023-6529 WP VR < 8.3.15 - Unauthenticated Plugin Downgrade leading to XSS

The WP VR WordPress plugin before 8.3.15 does not authorisation and CSRF in a function hooked to admininit, allowing unauthenticated users to downgrade the plugin, thus leading to Reflected or Stored XSS, as previous versions have such vulnerabilities...

6.3AI score0.00219EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/01/08 12:0 a.m.6 views

PT-2024-14996 · WordPress · Wp Vr

Name of the Vulnerable Software and Affected Versions: WP VR WordPress plugin versions prior to 8.3.15 Description: The issue concerns a lack of authorization and CSRF protection in a function hooked to admin init, allowing unauthenticated users to downgrade the plugin. This can lead to Reflected...

6.1CVSS6.2AI score0.00219EPSS
Exploits1References6
Patchstack
Patchstack
added 2023/07/19 12:0 a.m.5 views

WordPress WP VR Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software WP VR Type Plugin Vulnerable versions = 1.0.1 Fixed in 1.0.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer WPFunnels Team PSID de1111c82f8a Credits Rafie Muhammad Patchstack Required privilege...

6.1AI score0.00284EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2023/04/24 7:15 p.m.9 views

CVE-2023-1414

The WP VR WordPress plugin before 8.3.0 does not have authorisation and CSRF checks in various AJAX actions, one in particular could allow any authenticated users, such as subscriber to update arbitrary tours...

4.3CVSS4.7AI score0.00247EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/04/17 12:17 p.m.10 views

CVE-2023-1413 WP VR < 8.2.9 - Reflected XSS

The WP VR WordPress plugin before 8.2.9 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6AI score0.00458EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/04/17 12:0 a.m.4 views

PT-2023-16966 · WordPress · Wp Vr

Name of the Vulnerable Software and Affected Versions: WP VR WordPress plugin versions prior to 8.2.9 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because some parameters are not properly sanitised and escaped before being outputted back in the page. Th...

6.1CVSS8.6AI score0.00458EPSS
Exploits1References6
Patchstack
Patchstack
added 2023/04/13 12:0 a.m.9 views

WordPress WP VR Plugin < 8.2.9 is vulnerable to Cross Site Scripting (XSS)

Software WP VR Type Plugin Vulnerable versions 8.2.9 Fixed in 8.2.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1413 Patch priority High CVSS severity High 7.1 Developer WPFunnels Team PSID f109d593f865 Credits Erwan LR WPScan Required privilege...

6.1CVSS5.7AI score0.00458EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2023/04/03 12:0 a.m.17 views

WordPress WP VR Plugin < 8.3.0 is vulnerable to Broken Access Control

Software WP VR Type Plugin Vulnerable versions 8.3.0 Fixed in 8.3.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-1414 Patch priority Medium CVSS severity Medium 4.3 Developer WPFunnels Team PSID 08ad2733ea1e Credits Erwan LR WPScan Required privilege...

4.3CVSS6.8AI score0.00247EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2023/02/14 12:0 a.m.12 views

WordPress WP VR Plugin <= 8.2.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP VR Type Plugin Vulnerable versions = 8.2.7 Fixed in 8.2.8 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25708 Patch priority Low CVSS severity Low 4.3 Developer WPFunnels Team PSID e8f1ea3c4e52 Credits Abdi Pranata Required privileg...

8.8CVSS7AI score0.00256EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/02/06 8:15 p.m.3 views

CVE-2023-0174

The WP VR WordPress plugin before 8.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS6.1AI score0.00649EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/02/06 7:59 p.m.9 views

CVE-2023-0174 WP VR < 8.2.7 - Contributor+ Stored XSS

The WP VR WordPress plugin before 8.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6AI score0.00649EPSS
Exploits1References1
Patchstack
Patchstack
added 2023/01/12 12:0 a.m.16 views

WordPress WP VR Plugin < 8.2.7 is vulnerable to Cross Site Scripting (XSS)

Software WP VR Type Plugin Vulnerable versions 8.2.7 Fixed in 8.2.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0174 Patch priority Medium CVSS severity Medium 6.5 Developer WPFunnels Team PSID 8cc58a857921 Credits Lana Codes Required privilege...

5.4CVSS5.7AI score0.00649EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder