8 matches found
CVE-2024-6860
CVE-2024-6860 concerns the WordPress plugin WP MultiTasking (versions
CVE-2024-6859
CVE-2024-6859 affects WP MultiTasking ≤ 0.1.12 (WP Utilities) and is described in Red Hat/NVD entries as a Stored XSS via shortcode attributes. The root cause is lack of validation/escaping of shortcode attributes before output, enabling users with the contributor role or higher to inject script ...
CVE-2024-6857
CVE-2024-6857 concerns the WP MultiTasking WordPress plugin (versions <= 0.1.12) where updating Header/Footer/Body Script Settings lacks CSRF protection. Exploitation could allow an attacker to force logged-in admins to perform these updates via CSRF. Public sources in connected docs confirm t...
CVE-2024-6852
CVE-2024-6852 concerns the WordPress plugin WP MultiTasking (versions ≤ 0.1.12). The issue is a missing CSRF check when updating plugin settings, which could allow an attacker to force a logged-in admin to modify settings via CSRF. Public sources in connected documents confirm the root cause as l...
CVE-2024-6856
CVE-2024-6856 affects the WordPress plugin WP MultiTasking (versions up to 0.1.12). The root cause is a missing CSRF check when updating plugin settings, enabling a logged-in attacker to modify settings through a CSRF attack. Exploitation details are not provided beyond this description in the co...
CVE-2024-6853
The CVE CVE-2024-6853 concerns WP MultiTasking for WordPress, affected in versions
CVE-2024-6855
The CVE-2024-6855 issue affects the WP MultiTasking (WP Utilities) WordPress plugin, specifically versions
CVE-2024-8189
CVE-2024-8189 affects the WP MultiTasking – WP Utilities WordPress plugin. It is a stored XSS via the wpmt_menu_name parameter in all versions