Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8
CVE-2024-10632
- EPSS 0.05%
- Veröffentlicht 15.05.2025 20:15:33
- Zuletzt bearbeitet 09.06.2025 18:10:20
The Nokaut Offers Box WordPress plugin through 1.4.0 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is di...
4.3
CVE-2024-10634
- EPSS 0.03%
- Veröffentlicht 15.05.2025 20:15:33
- Zuletzt bearbeitet 09.06.2025 18:09:43
The Nokaut Offers Box WordPress plugin through 1.4.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset the Nokaut Offers Box WordPress plugin through 1.4.0 via a CSRF attack
1