Lucene search
+L
DelowerWp To Do

7 matches found

CVE
CVE
added 2024/05/30 4:31 a.m.70 views

CVE-2024-3946

CVE-2024-3946 describes a stored cross-site scripting vulnerability in the WordPress plugin WP To Do (versions up to and including 1.3.0). The issue arises from insufficient input sanitization and output escaping in admin/settings handling, enabling an authenticated attacker with administrator-le...

4.8CVSS4.6AI score0.00318EPSS
CVE
CVE
added 2024/05/30 4:31 a.m.63 views

CVE-2024-3947

WP To Do

4.3CVSS4.6AI score0.00224EPSS
CVE
CVE
added 2024/05/30 4:31 a.m.62 views

CVE-2024-3943

CVE-2024-3943 affects the WordPress plugin WP To Do (versions ≤ 1.3.0). The issue is a Cross-Site Request Forgery (CSRF) vulnerability arising from missing or improper nonce validation on the function wptodo_addcomment, enabling unauthenticated attackers to add comments to to-do items via forged ...

4.3CVSS4.6AI score0.00224EPSS
CVE
CVE
added 2024/01/31 5:36 p.m.61 views

CVE-2024-22292

CVE-2024-22292 : WordPress plugin WP To Do

6.5CVSS6.7AI score0.00317EPSS
CVE
CVE
added 2024/07/06 12:13 p.m.54 views

CVE-2024-37539

CVE-2024-37539 is a Stored XSS vulnerability in the WP To Do (Delower WP To Do) WordPress plugin, affectin g WP To Do versions from n/a up to 1.3.0. The connected Wordfence entry lists the vulnerability as Unpatched for WP To Do ≤ 1.3.0, and notes the issue is an improper neutralization of input ...

6.5CVSS6.2AI score0.00277EPSS
CVE
CVE
added 2024/05/30 4:31 a.m.49 views

CVE-2024-3945

WP To Do (WordPress)

4.3CVSS4.6AI score0.00222EPSS
CVE
CVE
added 2024/08/29 5:30 a.m.46 views

CVE-2024-3944

CVE-2024-3944 concerns the WordPress plugin WP To Do. The connected sources indicate a Stored Cross-Site Scripting (XSS) vulnerability in WP To Do versions up to 1.3.0, exploitable by authenticated attackers with administrator-level privileges. The root cause is insufficient input sanitization an...

4.8CVSS4.7AI score0.00318EPSS