360deg Javascript Viewer
by WordPress
Source repositories
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-48779 | Med | 0.42 | 6.5 | 0.01 | Dec 9, 2024 | Missing Authorization vulnerability in 3DWeb 360 Javascript Viewer 360deg-javascript-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 360 Javascript Viewer: from n/a through <= 1.7.11. | ||
| CVE-2024-12271 | Med | 0.22 | 4.4 | 0.00 | Dec 12, 2024 | The 360 Javascript Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ref’ parameter in all versions up to, and including, 1.7.29 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,… | ||
| CVE-2024-1637 | Med | 0.21 | 4.3 | 0.01 | Apr 9, 2024 | The 360 Javascript Viewer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and nonce exposure on several AJAX actions in all versions up to, and including, 1.7.12. This makes it possible for authenticated attackers, with… |
- risk 0.42cvss 6.5epss 0.01
Missing Authorization vulnerability in 3DWeb 360 Javascript Viewer 360deg-javascript-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 360 Javascript Viewer: from n/a through <= 1.7.11.
- risk 0.22cvss 4.4epss 0.00
The 360 Javascript Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ref’ parameter in all versions up to, and including, 1.7.29 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,…
- risk 0.21cvss 4.3epss 0.01
The 360 Javascript Viewer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and nonce exposure on several AJAX actions in all versions up to, and including, 1.7.12. This makes it possible for authenticated attackers, with…