CVE-2024-44040
- EPSS 0.12%
- Veröffentlicht 06.10.2024 13:15:14
- Zuletzt bearbeitet 07.10.2024 17:47:48
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Plainware ShiftController Employee Shift Scheduling allows Stored XSS.This issue affects ShiftController Employee Shift Scheduling: from n/a ...
CVE-2024-9435
- EPSS 1.68%
- Veröffentlicht 04.10.2024 07:15:03
- Zuletzt bearbeitet 08.10.2024 16:22:40
The ShiftController Employee Shift Scheduling plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL keys in all versions up to, and including, 4.9.66 due to insufficient input sanitization and output escaping. This makes it pos...
CVE-2024-4733
- EPSS 1.91%
- Veröffentlicht 16.05.2024 20:15:09
- Zuletzt bearbeitet 21.11.2024 09:43:28
The ShiftController Employee Shift Scheduling plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the `hc3_session`-cookie in versions up to, and including, 4.9.57. This makes it possible for an authenticated attac...
CVE-2023-29425
- EPSS 0.05%
- Veröffentlicht 12.11.2023 22:15:30
- Zuletzt bearbeitet 21.11.2024 07:57:02
Cross-Site Request Forgery (CSRF) vulnerability in plainware.Com ShiftController Employee Shift Scheduling plugin <= 4.9.23 versions.
CVE-2023-29424
- EPSS 0.06%
- Veröffentlicht 26.06.2023 08:15:09
- Zuletzt bearbeitet 21.11.2024 07:57:02
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Plainware ShiftController Employee Shift Scheduling plugin <= 4.9.23 versions.
CVE-2023-1978
- EPSS 1.16%
- Veröffentlicht 09.06.2023 06:16:00
- Zuletzt bearbeitet 21.11.2024 07:40:16
The ShiftController Employee Shift Scheduling plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the query string in versions up to, and including, 4.9.25 due to insufficient input sanitization and output escaping. This makes it...