Vulnerabilities > Noorsplugin
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-01 | CVE-2023-51689 | Cross-site Scripting vulnerability in Noorsplugin Easy Video Player Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in naa986 Easy Video Player allows Stored XSS.This issue affects Easy Video Player: from n/a through 1.2.2.10. | 5.4 |
| 2024-01-05 | CVE-2023-52143 | Information Exposure Through Log Files vulnerability in Noorsplugin WP Stripe Checkout Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Naa986 WP Stripe Checkout.This issue affects WP Stripe Checkout: from n/a through 1.2.2.37. | 7.5 |
| 2022-12-19 | CVE-2022-3937 | Unspecified vulnerability in Noorsplugin Easy Video Player The Easy Video Player WordPress plugin before 1.2.2.3 does not sanitize and escapes some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks. | 5.4 |
| 2022-12-19 | CVE-2022-3983 | Unspecified vulnerability in Noorsplugin Checkout for Paypal The Checkout for PayPal WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks | 5.4 |
| 2022-12-19 | CVE-2022-3986 | Unspecified vulnerability in Noorsplugin WP Stripe Checkout The WP Stripe Checkout WordPress plugin before 1.2.2.21 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks | 5.4 |
| 2022-12-19 | CVE-2022-3987 | Cross-site Scripting vulnerability in Noorsplugin Responsive Lightbox2 1.0.1/1.0.2/1.0.3 The Responsive Lightbox2 WordPress plugin before 1.0.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks | 5.4 |