Mirphak

Researcher fromPatchStack
#9815of 53,624
28.1Total CVSS
Vulnerabilities · 5
Medium
4
High
1
PT-2022-10604
7.5
2022-10-11
Accessibe · Accessibe · CVE-2021-36913
**Name of the Vulnerable Software and Affected Versions** Qube One Redirection for Contact Form 7 plugin version 2.4.0 and earlier **Description** The issue allows unauthenticated attackers to change options and inject scripts into the footer HTML, potentially leading to content injection. This requires an additional extension, AccessiBe. **Recommendations** For Qube One Redirection for Contact Form 7 plugin version 2.4.0 and earlier, update to a version later than 2.4.0 to resolve the issue.
PT-2022-10606
4.3
2022-10-11
Cozmoslabs · Cozmoslabs Profile Builder Plugin · CVE-2021-36915
**Name of the Vulnerable Software and Affected Versions** Cozmoslabs Profile Builder plugin versions <= 3.6.0 **Description** The issue concerns a Cross-Site Request Forgery (CSRF) vulnerability. It allows for the upload of a JSON file and the update of options, requiring the Import and Export add-on. **Recommendations** For Cozmoslabs Profile Builder plugin versions <= 3.6.0, update to a version greater than 3.6.0 to resolve the issue.
PT-2022-10603
5.4
2022-05-06
WordPress · Andrea Pernici News Sitemap For Google · CVE-2021-36912
**Name of the Vulnerable Software and Affected Versions** Andrea Pernici News Sitemap for Google plugin version 1.0.16 and earlier **Description** The issue is a Stored Cross-Site Scripting (XSS) vulnerability. Attackers must have a contributor or higher user role to exploit this issue. **Recommendations** For Andrea Pernici News Sitemap for Google plugin version 1.0.16 and earlier, update to a version later than 1.0.16 to resolve the issue.
PT-2022-10605
6.1
2022-04-12
Calderawp · Calderawp License Manager · CVE-2021-36914
**Name of the Vulnerable Software and Affected Versions** CalderaWP License Manager versions prior to 1.2.12 **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability that can lead to Reflected Cross-Site Scripting (XSS). This means an attacker could potentially trick a user into performing unintended actions on a web application, and also inject malicious scripts into the website. **Recommendations** For versions prior to 1.2.12, update to version 1.2.12 or later to resolve the issue.
PT-2022-10602
4.8
2022-04-11
WordPress · Wp-Appbox · CVE-2021-36910
**Name of the Vulnerable Software and Affected Versions** WP-Appbox (WordPress plugin) versions <= 4.3.20 **Description** The issue is related to an Authenticated Stored Cross-Site Scripting (XSS) in the WP-Appbox WordPress plugin. This allows an attacker with admin user role privileges to inject malicious scripts into the application. **Recommendations** For WP-Appbox (WordPress plugin) versions <= 4.3.20, update to a version higher than 4.3.20 to resolve the issue.