crazy-bone
by WordPress
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-0385 | Med | 0.40 | 6.1 | 0.01 | Feb 28, 2022 | The Crazy Bone WordPress plugin through 0.6.0 does not sanitise and escape the username submitted via the login from when displaying them back in the log dashboard, leading to an unauthenticated Stored Cross-Site scripting | ||
| CVE-2015-9430 | Med | 0.40 | 6.1 | 0.01 | Sep 26, 2019 | The crazy-bone plugin before 0.6.0 for WordPress has XSS via the User-Agent HTTP header. |
- risk 0.40cvss 6.1epss 0.01
The Crazy Bone WordPress plugin through 0.6.0 does not sanitise and escape the username submitted via the login from when displaying them back in the log dashboard, leading to an unauthenticated Stored Cross-Site scripting
- risk 0.40cvss 6.1epss 0.01
The crazy-bone plugin before 0.6.0 for WordPress has XSS via the User-Agent HTTP header.