Vulnerabilities > Back2Nature

DATE	CVE	VULNERABILITY TITLE	RISK
2024-06-21	CVE-2024-35781	Path Traversal vulnerability in Back2Nature Word Balloon Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in YAHMAN Word Balloon allows PHP Local File Inclusion.This issue affects Word Balloon: from n/a through 4.21.1. network low complexity back2nature CWE-22	6.5
2023-12-04	CVE-2023-5884	Cross-Site Request Forgery (CSRF) vulnerability in Back2Nature Word Balloon The Word Balloon WordPress plugin before 4.20.3 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to trick a logged in user to delete arbitrary avatars by clicking a link. network low complexity back2nature CWE-352	6.5
2023-01-23	CVE-2022-4751	Unspecified vulnerability in Back2Nature Word Balloon The Word Balloon WordPress plugin before 4.19.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. network low complexity back2nature	5.4

Vulnerabilities > Back2Nature {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Back2Nature"}]}