CVE-2024-8323
- EPSS 0.29%
- Published 06.11.2024 12:15:03
- Last modified 08.11.2024 20:30:11
The Pricing Tables WordPress Plugin – Easy Pricing Tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘fontFamily’ attribute in all versions up to, and including, 3.2.6 due to insufficient input sanitization and output e...
CVE-2024-8871
- EPSS 1.36%
- Published 30.10.2024 06:15:16
- Last modified 01.11.2024 12:57:03
The Pricing Tables WordPress Plugin – Easy Pricing Tables plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.2.5. This m...
CVE-2022-1904
- EPSS 2.19%
- Published 27.06.2022 09:15:10
- Last modified 21.11.2024 06:41:43
The Pricing Tables WordPress Plugin WordPress plugin before 3.2.1 does not sanitise and escape parameter before outputting it back in a page available to any user (both authenticated and unauthenticated) when a specific setting is enabled, leading to...
CVE-2021-36866
- EPSS 0.3%
- Published 02.06.2022 14:15:29
- Last modified 21.11.2024 06:14:13
Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) vulnerability in Fatcat Apps Easy Pricing Tables plugin <= 3.1.2 at WordPress.
CVE-2021-25098
- EPSS 0.14%
- Published 07.03.2022 09:15:08
- Last modified 21.11.2024 05:54:20
The Pricing Tables WordPress Plugin WordPress plugin before 3.1.3 does not verify the CSRF nonce when removing posts, allowing attackers to make a logged in admin remove arbitrary posts from the blog via a CSRF attack, which will be put in the trash