Vulnerabilities > Plugin Planet
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-15 | CVE-2022-27850 | Cross-Site Request Forgery (CSRF) vulnerability in Plugin-Planet Simple Ajax Chat Cross-Site Request Forgery (CSRF) in Simple Ajax Chat (WordPress plugin) <= 20220115 allows an attacker to clear the chat log or delete a chat message. | 4.3 |
| 2022-04-04 | CVE-2022-1165 | Authorization Bypass Through User-Controlled Key vulnerability in Plugin-Planet Blackhole for BAD Bots The Blackhole for Bad Bots WordPress plugin before 3.3.2 uses headers such as CF-CONNECTING-IP, CLIENT-IP etc to determine the IP address of requests hitting the blackhole URL, which allows them to be spoofed. | 9.1 |
| 2022-03-25 | CVE-2022-25610 | Cross-site Scripting vulnerability in Plugin-Planet Simple Ajax Chat Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat <= 20220115 allows an attacker to store the malicious code. | 6.1 |
| 2022-03-11 | CVE-2022-25601 | Cross-site Scripting vulnerability in multiple products Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter &tab discovered in Contact Form X WordPress plugin (versions <= 2.4). | 6.1 |
| 2021-07-12 | CVE-2021-24408 | Cross-site Scripting vulnerability in Plugin-Planet Prismatic The Prismatic WordPress plugin before 2.8 does not sanitise or validate some of its shortcode parameters, allowing users with a role as low as Contributor to set Cross-Site payload in them. | 5.4 |
| 2021-07-12 | CVE-2021-24409 | Cross-site Scripting vulnerability in Plugin-Planet Prismatic The Prismatic WordPress plugin before 2.8 does not escape the 'tab' GET parameter before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator | 6.1 |
| 2019-09-20 | CVE-2016-11001 | Cross-site Scripting vulnerability in Plugin-Planet User Submitted Posts The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field. | 6.1 |