Vulnerabilities > Ninjateam
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-18 | CVE-2024-10055 | Cross-site Scripting vulnerability in Ninjateam Click to Chat The Click to Chat – WP Support All-in-One Floating Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpsaio_snapchat shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-10-11 | CVE-2024-47331 | SQL Injection vulnerability in Ninjateam Multi Step for Contact Form 7 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NinjaTeam Multi Step for Contact Form allows SQL Injection.This issue affects Multi Step for Contact Form: from n/a through 2.7.7. | 9.8 |
2024-09-13 | CVE-2024-6493 | Cross-site Scripting vulnerability in Ninjateam Header Footer Custom Code The NinjaTeam Header Footer Custom Code WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 4.8 |
2024-09-13 | CVE-2024-6617 | Cross-site Scripting vulnerability in Ninjateam Header Footer Custom Code The NinjaTeam Header Footer Custom Code WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 4.8 |
2024-06-27 | CVE-2024-4664 | Cross-site Scripting vulnerability in Ninjateam WP Chat APP The WP Chat App WordPress plugin before 3.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | 4.8 |
2024-06-07 | CVE-2024-5607 | Missing Authorization vulnerability in Ninjateam Gdpr Ccpa Compliance & Cookie Consent Banner The GDPR CCPA Compliance & Cookie Consent Banner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions named ajaxUpdateSettings() in all versions up to, and including, 2.7.0. | 5.4 |
2024-02-12 | CVE-2023-51370 | Cross-site Scripting vulnerability in Ninjateam WP Chat APP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NinjaTeam WP Chat App allows Stored XSS.This issue affects WP Chat App: from n/a through 3.4.4. | 4.8 |
2024-02-05 | CVE-2024-0691 | Cross-site Scripting vulnerability in Ninjateam Filebird The FileBird plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported folder titles in all versions up to, and including, 5.5.8.1 due to insufficient input sanitization and output escaping. | 4.8 |
2024-01-16 | CVE-2023-6592 | Unspecified vulnerability in Ninjateam Fastdup The FastDup WordPress plugin before 2.2 does not prevent directory listing in sensitive directories containing export files. | 5.3 |
2024-01-08 | CVE-2023-51406 | Unspecified vulnerability in Ninjateam Fastdup Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team FastDup – Fastest WordPress Migration & Duplicator.This issue affects FastDup – Fastest WordPress Migration & Duplicator: from n/a through 2.1.7. | 7.5 |