Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4
CVE-2023-32291
- EPSS 0.26%
- Veröffentlicht 30.11.2023 13:15:07
- Zuletzt bearbeitet 21.11.2024 08:03:03
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MonsterInsights Pro allows Stored XSS.This issue affects MonsterInsights Pro: from n/a through 8.14.1.
5.4
CVE-2023-0081
- EPSS 0.34%
- Veröffentlicht 06.02.2023 20:15:12
- Zuletzt bearbeitet 25.03.2025 18:15:30
The MonsterInsights WordPress plugin before 8.12.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stor...
6.1
CVE-2022-3904
- EPSS 41.32%
- Veröffentlicht 16.01.2023 16:15:10
- Zuletzt bearbeitet 08.04.2025 20:15:16
The MonsterInsights WordPress plugin before 8.9.1 does not sanitize or escape page titles in the top posts/pages section, allowing an unauthenticated attacker to inject arbitrary web scripts into the titles by spoofing requests to google analytics.
1