Vulnerabilities > Wpmanageninja > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-27 | CVE-2024-7304 | Cross-site Scripting vulnerability in Wpmanageninja Ninja Tables The Ninja Tables – Easiest Data Table Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 5.0.12 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-06-14 | CVE-2024-23504 | Unspecified vulnerability in Wpmanageninja Ninja Tables Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through 5.0.5. | 5.3 |
| 2024-06-11 | CVE-2024-23503 | Unspecified vulnerability in Wpmanageninja Ninja Tables Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through 5.0.6. | 4.3 |
| 2024-02-05 | CVE-2023-6953 | Cross-site Scripting vulnerability in Wpmanageninja PDF Generator for Fluent Forms The PDF Generator For Fluent Forms – The Contact Form Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the header, PDF body and footer content parameters in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. | 5.4 |
| 2023-07-12 | CVE-2023-3087 | Unspecified vulnerability in Wpmanageninja Fluentsmtp The FluentSMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping. | 6.1 |
| 2023-05-10 | CVE-2022-47137 | Cross-site Scripting vulnerability in Wpmanageninja Ninja Tables Auth. | 4.8 |
| 2023-03-13 | CVE-2023-0219 | Cross-site Scripting vulnerability in Wpmanageninja Fluentsmtp The FluentSMTP WordPress plugin before 2.2.3 does not sanitize or escape email content, making it vulnerable to stored cross-site scripting attacks (XSS) when an administrator views the email logs. | 5.4 |
| 2022-02-01 | CVE-2021-24900 | Unspecified vulnerability in Wpmanageninja Ninja Tables The Ninja Tables WordPress plugin before 4.1.8 does not sanitise and escape some of its table fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | 4.8 |
| 2021-08-30 | CVE-2021-24528 | Cross-site Scripting vulnerability in Wpmanageninja Fluentsmtp The FluentSMTP WordPress plugin before 2.0.1 does not sanitize parameters before storing the settings in the database, nor does the plugin escape the values before outputting them when viewing the SMTP settings set by this plugin, leading to a stored cross site scripting (XSS) vulnerability. | 5.4 |