CVE-2023-3051
- EPSS 0.12%
- Veröffentlicht 03.06.2023 00:15:09
- Zuletzt bearbeitet 21.11.2024 08:16:19
The Page Builder by AZEXO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'azh_post' shortcode in versions up to, and including, 1.27.133 due to insufficient input sanitization and output escaping. This makes it possible for con...
CVE-2023-3052
- EPSS 0.14%
- Veröffentlicht 03.06.2023 00:15:09
- Zuletzt bearbeitet 21.11.2024 08:16:19
The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation on the 'azh_add_post', 'azh_duplicate_post', 'azh_update_post'...
CVE-2023-3053
- EPSS 0.05%
- Veröffentlicht 03.06.2023 00:15:09
- Zuletzt bearbeitet 21.11.2024 08:16:20
The Page Builder by AZEXO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'azh_add_post' function in versions up to, and including, 1.27.133. This makes it possible for authenticated at...
CVE-2023-3055
- EPSS 0.06%
- Veröffentlicht 03.06.2023 00:15:09
- Zuletzt bearbeitet 21.11.2024 08:16:20
The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation on the 'azh_save' function. This makes it possible for unauthe...