Vulnerabilities > Solidres > Solidres > 0.9.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-03 | CVE-2023-1377 | Unspecified vulnerability in Solidres The Solidres WordPress plugin through 0.9.4 does not sanitise and escape numerous parameter before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 6.1 |
2023-03-13 | CVE-2023-1374 | Unspecified vulnerability in Solidres The Solidres plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'currency_name' parameter in versions up to, and including, 0.9.4 due to insufficient input sanitization and output escaping. | 4.8 |