Park Won Seok

#18594of 53,633
14.4Total CVSS
Vulnerabilities · 3
Medium
3
PT-2022-13394
4.8
2022-04-11
WordPress · Easy Smooth Scroll Links · CVE-2022-0728
**Name of the Vulnerable Software and Affected Versions** Easy Smooth Scroll Links WordPress plugin versions prior to 2.23.1 **Description** The issue allows high privilege users, such as admins, to perform Cross-Site Scripting attacks. This is possible because the plugin does not properly sanitise and escape its settings, even when the unfiltered html capability is disallowed. **Recommendations** For versions prior to 2.23.1, update to version 2.23.1 or later to resolve the issue.
PT-2022-11572
4.8
2022-02-28
WordPress · Wp-Paginate · CVE-2021-4222
**Name of the Vulnerable Software and Affected Versions** WP-Paginate WordPress plugin versions prior to 2.1.4 **Description** The issue allows high privilege users, such as admins, to perform Cross-Site Scripting attacks. This is possible because the plugin does not properly sanitise and escape its preset settings, even when the unfiltered html capability is disallowed. **Recommendations** For WP-Paginate WordPress plugin versions prior to 2.1.4, update to version 2.1.4 or later to resolve the issue.
PT-2020-6956
4.8
2020-12-24
WordPress · Wp-Postratings · CVE-2021-25117
**Name of the Vulnerable Software and Affected Versions** WP-PostRatings WordPress plugin versions prior to 1.86.1 **Description** The issue is related to the WP-PostRatings WordPress plugin and involves a lack of sanitization of the `postratings image` parameter from its options page, specifically at the endpoint "wp-admin/admin.php?page=wp-postratings/postratings-options.php". Although this page is only accessible to administrators and is protected against CSRF attacks, the problem can still be exploited when the unfiltered html capability is disabled. This could potentially allow a remote attacker to perform a CSRF attack. **Recommendations** For WP-PostRatings WordPress plugin versions prior to 1.86.1, update to version 1.86.1 or later to resolve the issue. As a temporary workaround, consider disabling the `postratings image` parameter in the affected options page until a patch is available. Restrict access to the options page "wp-admin/admin.php?page=wp-postratings/postratings-options.php" to minimize the risk of exploitation. Avoid using the `postratings image` parameter in the affected endpoint until the issue is resolved.