Vulnerabilities > Plugin Planet > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-13 | CVE-2024-0979 | Cross-site Scripting vulnerability in Plugin-Planet Dashboard Widgets Suite The Dashboard Widgets Suite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. | 6.1 |
| 2023-12-14 | CVE-2023-49743 | Cross-site Scripting vulnerability in Plugin-Planet Dashboard Widget Suite Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr Dashboard Widgets Suite allows Stored XSS.This issue affects Dashboard Widgets Suite: from n/a through 3.4.1. | 4.8 |
| 2023-10-20 | CVE-2023-5614 | Cross-site Scripting vulnerability in Plugin-Planet Theme Switcha The Theme Switcha plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'theme_switcha_list' shortcode in all versions up to, and including, 3.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2023-09-09 | CVE-2023-4838 | Unspecified vulnerability in Plugin-Planet Simple Download Counter The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes like 'before' and 'after'. | 5.4 |
| 2023-09-06 | CVE-2023-4779 | Unspecified vulnerability in Plugin-Planet User Submitted Posts The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [usp_gallery] shortcode in versions up to, and including, 20230811 due to insufficient input sanitization and output escaping on user supplied attributes like 'before'. | 5.4 |
| 2023-08-15 | CVE-2023-4308 | Unspecified vulnerability in Plugin-Planet User Submitted Posts The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user-submitted-content’ parameter in versions up to, and including, 20230809 due to insufficient input sanitization and output escaping. | 5.4 |
| 2023-05-06 | CVE-2023-26517 | Cross-site Scripting vulnerability in Plugin-Planet Dashboard Widget Suite Auth. | 4.8 |
| 2022-04-15 | CVE-2022-27849 | Information Exposure vulnerability in Plugin-Planet Simple Ajax Chat Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat (WordPress plugin) <= 20220115 | 5.0 |
| 2022-04-15 | CVE-2022-27850 | Cross-Site Request Forgery (CSRF) vulnerability in Plugin-Planet Simple Ajax Chat Cross-Site Request Forgery (CSRF) in Simple Ajax Chat (WordPress plugin) <= 20220115 allows an attacker to clear the chat log or delete a chat message. | 4.3 |
| 2022-04-04 | CVE-2022-1165 | Authorization Bypass Through User-Controlled Key vulnerability in Plugin-Planet Blackhole for BAD Bots The Blackhole for Bad Bots WordPress plugin before 3.3.2 uses headers such as CF-CONNECTING-IP, CLIENT-IP etc to determine the IP address of requests hitting the blackhole URL, which allows them to be spoofed. | 6.4 |