Vulnerabilities > Pluginus > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-17 | CVE-2023-44990 | Cross-site Scripting vulnerability in Pluginus Wolf - Wordpress Posts Bulk Editor and products Manager Professional Auth. | 4.8 |
| 2023-08-18 | CVE-2023-31218 | Cross-site Scripting vulnerability in Pluginus Wolf - Wordpress Posts Bulk Editor and products Manager Professional Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.6 versions. | 6.1 |
| 2023-06-09 | CVE-2023-2555 | Unspecified vulnerability in Pluginus Wordpress Currency Switcher Professional The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create function in versions up to, and including, 1.1.9. | 4.3 |
| 2023-06-09 | CVE-2023-2556 | Unspecified vulnerability in Pluginus Wordpress Currency Switcher The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the anonymous function for the wpcs_sd_delete action in versions up to, and including, 1.1.9. | 4.3 |
| 2023-06-09 | CVE-2023-2557 | Missing Authorization vulnerability in Pluginus Wordpress Currency Switcher Professional The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in versions up to, and including, 1.1.9. | 4.3 |
| 2023-06-09 | CVE-2023-2558 | Unspecified vulnerability in Pluginus Wordpress Currency Switcher Professional The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcs_current_currency shortcode in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2023-01-16 | CVE-2022-4431 | Unspecified vulnerability in Pluginus FOX - Currency Switcher Professional for Woocommerce The WOOCS WordPress plugin before 1.3.9.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 5.4 |
| 2022-06-27 | CVE-2022-1916 | Cross-site Scripting vulnerability in Pluginus Woot The Active Products Tables for WooCommerce. | 6.1 |
| 2022-02-21 | CVE-2022-0234 | Cross-site Scripting vulnerability in Pluginus Woocs The WOOCS WordPress plugin before 1.3.7.5 does not sanitise and escape the woocs_in_order_currency parameter of the woocs_get_products_price_html AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to a Reflected Cross-Site Scripting | 4.3 |
| 2022-02-01 | CVE-2021-25085 | Cross-site Scripting vulnerability in Pluginus Woocommerce products Filter The WOOF WordPress plugin before 1.2.6.3 does not sanitise and escape the woof_redraw_elements before outputing back in an admin page, leading to a Reflected Cross-Site Scripting | 4.3 |