Vulnerabilities > Premio
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-13 | CVE-2024-7133 | Cross-site Scripting vulnerability in Premio MY Sticky BAR The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.7.3 does not validate and escape some of its settings before outputting them back in the page, which could allow users with a high role to perform Stored Cross-Site Scripting attacks. | 4.8 |
| 2024-08-06 | CVE-2024-7317 | Cross-site Scripting vulnerability in Premio Folders The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-06-13 | CVE-2024-4149 | Cross-site Scripting vulnerability in Premio Floating Chat Widget The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin before 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
| 2024-01-11 | CVE-2023-7048 | Cross-Site Request Forgery (CSRF) vulnerability in Premio MY Sticky BAR The My Sticky Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.6. | 4.3 |
| 2023-12-20 | CVE-2023-40204 | Unspecified vulnerability in Premio Folders Unrestricted Upload of File with Dangerous Type vulnerability in Premio Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager.This issue affects Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager: from n/a through 2.9.2. | 7.2 |
| 2023-11-22 | CVE-2023-47759 | Unspecified vulnerability in Premio Chaty Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Premio Chaty plugin <= 3.1.2 versions. | 4.8 |
| 2023-11-20 | CVE-2023-5509 | Incorrect Authorization vulnerability in Premio Mystickymenu The myStickymenu WordPress plugin before 2.6.5 does not adequately authorize some ajax calls, allowing any logged-in user to perform the actions. | 5.4 |
| 2023-08-30 | CVE-2023-25019 | Unspecified vulnerability in Premio Chaty Unauth. | 6.1 |
| 2023-07-24 | CVE-2023-3248 | Unspecified vulnerability in Premio MY Sticky Elements The All-in-one Floating Contact Form WordPress plugin before 2.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 4.8 |
| 2023-07-17 | CVE-2023-3245 | Cross-site Scripting vulnerability in Premio Chaty The Floating Chat Widget WordPress plugin before 3.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 4.8 |