7 matches found
CVE-2024-3946
CVE-2024-3946 describes a stored cross-site scripting vulnerability in the WordPress plugin WP To Do (versions up to and including 1.3.0). The issue arises from insufficient input sanitization and output escaping in admin/settings handling, enabling an authenticated attacker with administrator-le...
CVE-2024-3947
WP To Do
CVE-2024-3943
CVE-2024-3943 affects the WordPress plugin WP To Do (versions ≤ 1.3.0). The issue is a Cross-Site Request Forgery (CSRF) vulnerability arising from missing or improper nonce validation on the function wptodo_addcomment, enabling unauthenticated attackers to add comments to to-do items via forged ...
CVE-2024-22292
CVE-2024-22292 : WordPress plugin WP To Do
CVE-2024-37539
CVE-2024-37539 is a Stored XSS vulnerability in the WP To Do (Delower WP To Do) WordPress plugin, affectin g WP To Do versions from n/a up to 1.3.0. The connected Wordfence entry lists the vulnerability as Unpatched for WP To Do ≤ 1.3.0, and notes the issue is an improper neutralization of input ...
CVE-2024-3945
WP To Do (WordPress)
CVE-2024-3944
CVE-2024-3944 concerns the WordPress plugin WP To Do. The connected sources indicate a Stored Cross-Site Scripting (XSS) vulnerability in WP To Do versions up to 1.3.0, exploitable by authenticated attackers with administrator-level privileges. The root cause is insufficient input sanitization an...