Vulnerabilities > Rednao > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-14 | CVE-2023-47550 | Cross-Site Request Forgery (CSRF) vulnerability in Rednao Donations Made Easy - Smart Donations Cross-Site Request Forgery (CSRF) vulnerability in RedNao Donations Made Easy – Smart Donations allows Stored XSS.This issue affects Donations Made Easy – Smart Donations: from n/a through 4.0.12. | 6.1 |
| 2023-10-26 | CVE-2023-46076 | Cross-site Scripting vulnerability in Rednao Woocommerce PDF Invoice Builder Unauth. | 6.1 |
| 2023-09-27 | CVE-2023-40664 | Cross-site Scripting vulnerability in Rednao Smart Donations Unauth. | 6.1 |
| 2023-08-31 | CVE-2023-3764 | Unspecified vulnerability in Rednao Woocommerce PDF Invoice Builder The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.90. | 4.3 |
| 2023-08-31 | CVE-2023-4160 | Unspecified vulnerability in Rednao Woocommerce PDF Invoice Builder The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.90 due to insufficient input sanitization and output escaping. | 4.8 |
| 2023-08-31 | CVE-2023-4161 | Unspecified vulnerability in Rednao Woocommerce PDF Invoice Builder The WooCommerce PDF Invoice Builder for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the SaveCustomField function in versions up to, and including, 1.2.90. | 4.3 |
| 2023-08-31 | CVE-2023-4245 | Unspecified vulnerability in Rednao Woocommerce PDF Invoice Builder The WooCommerce PDF Invoice Builder for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the GetInvoiceDetail function in versions up to, and including, 1.2.89. | 4.3 |
| 2023-08-25 | CVE-2023-32603 | Cross-site Scripting vulnerability in Rednao Smart Donations Unauth. | 6.1 |
| 2022-03-07 | CVE-2022-0163 | Missing Authorization vulnerability in Rednao Smart Forms The Smart Forms WordPress plugin before 2.6.71 does not have authorisation in its rednao_smart_forms_entries_list AJAX action, allowing any authenticated users, such as subscriber, to download arbitrary form's data, which could include sensitive information such as PII depending on the form. | 4.0 |