Vulnerabilities > Plugin > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-10-20 CVE-2022-4954 Cross-site Scripting vulnerability in Plugin Waiting
The Waiting: One-click countdowns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown name in versions up to, and including, 0.6.2 due to insufficient input sanitization and output escaping.
network
low complexity
plugin CWE-79
4.8
2023-08-31 CVE-2023-3999 Missing Authorization vulnerability in Plugin Waiting
The Waiting: One-click countdowns plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on its AJAX calls in versions up to, and including, 0.6.2.
network
low complexity
plugin CWE-862
4.3
2023-08-31 CVE-2023-4000 Unspecified vulnerability in Plugin Waiting
The Waiting: One-click countdowns plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.6.2.
network
low complexity
plugin
4.3
2023-05-18 CVE-2023-2757 Cross-site Scripting vulnerability in Plugin Waiting
The Waiting: One-click countdowns plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on 'saveLang' functions in versions up to, and including, 0.6.2.
network
low complexity
plugin CWE-79
5.4
2023-04-05 CVE-2023-1865 Unspecified vulnerability in Plugin Yourchannel
The YourChannel plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check when resetting plugin settings via the yrc_nuke GET parameter in versions up to, and including, 1.2.3.
network
low complexity
plugin
6.5
2023-04-05 CVE-2023-1866 Unspecified vulnerability in Plugin Yourchannel
The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3.
network
low complexity
plugin
4.3
2023-04-05 CVE-2023-1867 Unspecified vulnerability in Plugin Yourchannel
The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3.
network
low complexity
plugin
4.3
2023-04-05 CVE-2023-1868 Unspecified vulnerability in Plugin Yourchannel
The YourChannel plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check when clearing the plugin cache via the yrc_clear_cache GET parameter in versions up to, and including, 1.2.3.
network
low complexity
plugin
5.3
2023-04-05 CVE-2023-1869 Cross-site Scripting vulnerability in Plugin Yourchannel
The YourChannel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping.
network
low complexity
plugin CWE-79
4.8
2023-04-05 CVE-2023-1870 Unspecified vulnerability in Plugin Yourchannel
The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3.
network
low complexity
plugin
4.3