Vulnerabilities > Plugin Planet

DATE CVE VULNERABILITY TITLE RISK
2024-06-13 CVE-2024-0979 Cross-site Scripting vulnerability in Plugin-Planet Dashboard Widgets Suite
The Dashboard Widgets Suite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping.
network
low complexity
plugin-planet CWE-79
6.1
2023-12-20 CVE-2023-45603 Unrestricted Upload of File with Dangerous Type vulnerability in Plugin-Planet User Submitted Posts
Unrestricted Upload of File with Dangerous Type vulnerability in Jeff Starr User Submitted Posts – Enable Users to Submit Posts from the Front End.This issue affects User Submitted Posts – Enable Users to Submit Posts from the Front End: from n/a through 20230902.
network
low complexity
plugin-planet CWE-434
critical
9.8
2023-12-14 CVE-2023-49743 Cross-site Scripting vulnerability in Plugin-Planet Dashboard Widget Suite
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr Dashboard Widgets Suite allows Stored XSS.This issue affects Dashboard Widgets Suite: from n/a through 3.4.1.
network
low complexity
plugin-planet CWE-79
4.8
2023-10-20 CVE-2023-5614 Cross-site Scripting vulnerability in Plugin-Planet Theme Switcha
The Theme Switcha plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'theme_switcha_list' shortcode in all versions up to, and including, 3.3 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
plugin-planet CWE-79
5.4
2023-09-09 CVE-2023-4838 Unspecified vulnerability in Plugin-Planet Simple Download Counter
The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes like 'before' and 'after'.
network
low complexity
plugin-planet
5.4
2023-09-06 CVE-2023-4779 Unspecified vulnerability in Plugin-Planet User Submitted Posts
The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [usp_gallery] shortcode in versions up to, and including, 20230811 due to insufficient input sanitization and output escaping on user supplied attributes like 'before'.
network
low complexity
plugin-planet
5.4
2023-08-15 CVE-2023-4308 Unspecified vulnerability in Plugin-Planet User Submitted Posts
The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user-submitted-content’ parameter in versions up to, and including, 20230809 due to insufficient input sanitization and output escaping.
network
low complexity
plugin-planet
5.4
2023-06-07 CVE-2019-25138 Unrestricted Upload of File with Dangerous Type vulnerability in Plugin-Planet User Submitted Posts
The User Submitted Posts plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the usp_check_images function in versions up to, and including, 20190312.
network
low complexity
plugin-planet CWE-434
critical
9.8
2023-05-06 CVE-2023-26517 Cross-site Scripting vulnerability in Plugin-Planet Dashboard Widget Suite
Auth.
network
low complexity
plugin-planet CWE-79
4.8
2022-04-15 CVE-2022-27849 Information Exposure vulnerability in Plugin-Planet Simple Ajax Chat
Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat (WordPress plugin) <= 20220115
network
low complexity
plugin-planet CWE-200
7.5