Yash Kanchhal

#10436de 53,638
26.5CVSS total
Vulnerabilidades · 4
Média
3
Alta
1
PT-2023-23888
5.9
2023-06-03
Kyle Maurer · Don8 Plugin · CVE-2023-32582
**Name of the Vulnerable Software and Affected Versions** Kyle Maurer Don8 plugin versions <= 0.4 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. **Recommendations** For Kyle Maurer Don8 plugin versions <= 0.4, update to a version higher than 0.4 to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific vulnerability.
PT-2023-23893
8.8
2023-05-20
WordPress · Pingonline Dyslexiefont Free · CVE-2023-32589
**Name of the Vulnerable Software and Affected Versions** PingOnline Dyslexiefont Free plugin versions <= 1.0.0 **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker can trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For PingOnline Dyslexiefont Free plugin versions <= 1.0.0, update to a version higher than 1.0.0 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-19833
5.9
2023-05-11
Fernando Briano · Useragent-Spy · CVE-2023-2490
**Name of the Vulnerable Software and Affected Versions** Fernando Briano UserAgent-Spy plugin versions prior to 1.3.1 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that affects users with admin+ authentication. This type of vulnerability allows an attacker to inject malicious scripts into the website, which can then be executed by other users. **Recommendations** For Fernando Briano UserAgent-Spy plugin versions prior to 1.3.1, update to a version newer than 1.3.1 to resolve the issue. As a temporary workaround, consider restricting access to the plugin's administrative interface to minimize the risk of exploitation.
PT-2023-20704
5.9
2023-04-03
Dupeoff.Com · Dupeoff · CVE-2023-26529
**Name of the Vulnerable Software and Affected Versions** DupeOff.Com DupeOff plugin versions 1.6 and earlier **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. **Recommendations** For DupeOff.Com DupeOff plugin versions 1.6 and earlier, update to a version later than 1.6 to resolve the issue.