CVE-2023-40674
- EPSS 0.18%
- Veröffentlicht 30.11.2023 13:15:07
- Zuletzt bearbeitet 21.11.2024 08:19:56
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lasso Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management allows Stored XSS.This issue affects Simple URLs – Link Cloaking,...
CVE-2023-45606
- EPSS 0.15%
- Veröffentlicht 16.10.2023 09:15:10
- Zuletzt bearbeitet 21.11.2024 08:27:03
Cross-Site Request Forgery (CSRF) vulnerability in Lasso Simple URLs plugin <= 120 versions.
CVE-2023-40667
- EPSS 0.19%
- Veröffentlicht 27.09.2023 15:19:22
- Zuletzt bearbeitet 21.11.2024 08:19:56
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Lasso Simple URLs plugin <= 117 versions.
CVE-2023-0098
- EPSS 0.69%
- Veröffentlicht 13.02.2023 15:15:20
- Zuletzt bearbeitet 21.03.2025 20:15:14
The Simple URLs WordPress plugin before 115 does not escape some parameters before using them in various SQL statements used by AJAX actions available by any authenticated users, leading to a SQL injection exploitable by low privilege users such as s...
CVE-2023-0099
- EPSS 72.92%
- Veröffentlicht 13.02.2023 15:15:20
- Zuletzt bearbeitet 21.11.2024 07:36:33
The Simple URLs WordPress plugin before 115 does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.