Vulnerabilities > Noorsplugin

DATE CVE VULNERABILITY TITLE RISK
2024-10-20 CVE-2024-49627 Cross-Site Request Forgery (CSRF) vulnerability in Noorsplugin Wordpress Image SEO
Cross-Site Request Forgery (CSRF) vulnerability in Noor Alam WordPress Image SEO allows Cross Site Request Forgery.This issue affects WordPress Image SEO: from n/a through 1.1.4.
network
low complexity
noorsplugin CWE-352
8.8
2024-02-01 CVE-2023-51689 Unspecified vulnerability in Noorsplugin Easy Video Player
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in naa986 Easy Video Player allows Stored XSS.This issue affects Easy Video Player: from n/a through 1.2.2.10.
network
low complexity
noorsplugin
5.4
2024-01-05 CVE-2023-52143 Unspecified vulnerability in Noorsplugin WP Stripe Checkout
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Naa986 WP Stripe Checkout.This issue affects WP Stripe Checkout: from n/a through 1.2.2.37.
network
low complexity
noorsplugin
7.5
2022-12-19 CVE-2022-3937 Unspecified vulnerability in Noorsplugin Easy Video Player
The Easy Video Player WordPress plugin before 1.2.2.3 does not sanitize and escapes some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.
network
low complexity
noorsplugin
5.4
2022-12-19 CVE-2022-3983 Unspecified vulnerability in Noorsplugin Checkout for Paypal
The Checkout for PayPal WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks
network
low complexity
noorsplugin
5.4
2022-12-19 CVE-2022-3986 Unspecified vulnerability in Noorsplugin WP Stripe Checkout
The WP Stripe Checkout WordPress plugin before 1.2.2.21 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks
network
low complexity
noorsplugin
5.4
2022-12-19 CVE-2022-3987 Cross-site Scripting vulnerability in Noorsplugin Responsive Lightbox2 1.0.1/1.0.2/1.0.3
The Responsive Lightbox2 WordPress plugin before 1.0.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks
network
low complexity
noorsplugin CWE-79
5.4