Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5
CVE-2024-33916
- EPSS 0.08%
- Veröffentlicht 03.05.2024 08:15:07
- Zuletzt bearbeitet 21.11.2024 09:17:43
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MachoThemes CPO Companion allows Stored XSS.This issue affects CPO Companion: from n/a through 1.1.0.
5.4
CVE-2022-4837
- EPSS 0.25%
- Veröffentlicht 30.01.2023 21:15:12
- Zuletzt bearbeitet 21.04.2025 14:27:31
The CPO Companion WordPress plugin before 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting at...
4.8
CVE-2023-0162
- EPSS 0.24%
- Veröffentlicht 10.01.2023 18:15:10
- Zuletzt bearbeitet 21.11.2024 07:36:40
The CPO Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of its content type settings parameters in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it ...
1