CVE-2023-2995
- EPSS 0.18%
- Veröffentlicht 19.09.2023 20:15:09
- Zuletzt bearbeitet 23.04.2025 17:16:32
The Leyka WordPress plugin before 3.30.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (fo...
CVE-2023-4917
- EPSS 0.4%
- Veröffentlicht 13.09.2023 03:15:09
- Zuletzt bearbeitet 21.11.2024 08:36:15
The Leyka plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.30.3 via the 'leyka_ajax_get_env_and_options' function. This can allow authenticated attackers with subscriber-level permissions or abo...
CVE-2023-33325
- EPSS 0.07%
- Veröffentlicht 30.08.2023 13:15:12
- Zuletzt bearbeitet 21.11.2024 08:05:25
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.30.1 versions.
CVE-2023-39314
- EPSS 0.08%
- Veröffentlicht 10.08.2023 13:15:10
- Zuletzt bearbeitet 21.11.2024 08:15:08
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.30.2 versions.
CVE-2023-27450
- EPSS 0.08%
- Veröffentlicht 21.06.2023 13:15:10
- Zuletzt bearbeitet 21.11.2024 07:52:56
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.29.2 versions.