VYPR

360deg Javascript Viewer

by WordPress

Source repositories

CVEs (3)

  • CVE-2023-48779MedDec 9, 2024
    risk 0.42cvss 6.5epss 0.01

    Missing Authorization vulnerability in 3DWeb 360 Javascript Viewer 360deg-javascript-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 360 Javascript Viewer: from n/a through <= 1.7.11.

  • CVE-2024-12271MedDec 12, 2024
    risk 0.22cvss 4.4epss 0.00

    The 360 Javascript Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ref’ parameter in all versions up to, and including, 1.7.29 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,…

  • CVE-2024-1637MedApr 9, 2024
    risk 0.21cvss 4.3epss 0.01

    The 360 Javascript Viewer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and nonce exposure on several AJAX actions in all versions up to, and including, 1.7.12. This makes it possible for authenticated attackers, with…