Inisev
Products
6- 7 CVEs
- 4 CVEs
- 3 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
Recent CVEs
12| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-34009 | Med | 0.28 | 4.3 | 0.00 | Dec 13, 2024 | Missing Authorization vulnerability in Inisev Social Media & Share Icons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social Media & Share Icons: from n/a through 2.8.1. | ||
| CVE-2023-23823 | Med | 0.28 | 4.3 | 0.00 | Dec 9, 2024 | Missing Authorization vulnerability in Clever Widgets Enhanced Text Widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Enhanced Text Widget: from n/a through 1.5.8. | ||
| CVE-2023-3977 | Med | 0.21 | 4.3 | 0.01 | Jul 28, 2023 | Several plugins for WordPress by Inisev are vulnerable to Cross-Site Request Forgery to unauthorized installation of plugins due to a missing nonce check on the handle_installation function that is called via the inisev_installation AJAX aciton in various versions. This makes it… | ||
| CVE-2023-0958 | Med | 0.21 | 4.3 | 0.01 | Jul 28, 2023 | Several plugins for WordPress by Inisev are vulnerable to unauthorized installation of plugins due to a missing capability check on the handle_installation function that is called via the inisev_installation AJAX aciton in various versions. This makes it possible for… | ||
| CVE-2024-37552 | 0.00 | — | 0.00 | Jul 21, 2024 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Inisev Social Media & Share Icons allows Stored XSS.This issue affects Social Media & Share Icons: from n/a through 2.9.1. | |||
| CVE-2024-0561 | 0.00 | — | 0.00 | Mar 11, 2024 | The Ultimate Posts Widget WordPress plugin before 2.3.1 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the… | |||
| CVE-2024-0559 | 0.00 | — | 0.01 | Mar 11, 2024 | The Enhanced Text Widget WordPress plugin before 1.6.6 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the… | |||
| CVE-2023-1331 | 0.00 | — | 0.00 | Apr 17, 2023 | The Redirection WordPress plugin before 1.1.5 does not have CSRF checks in the uninstall action, which could allow attackers to make logged in admins delete all the redirections through a CSRF attack. | |||
| CVE-2023-1330 | 0.00 | — | 0.00 | Apr 3, 2023 | The Redirection WordPress plugin before 1.1.4 does not add nonce verification in place when adding the redirect, which could allow attackers to add redirects via a CSRF attack. | |||
| CVE-2022-38704 | 0.00 | — | 0.00 | Sep 23, 2022 | Cross-Site Request Forgery (CSRF) vulnerability in SEO Redirection plugin <= 8.9 at WordPress, leading to deletion of 404 errors and redirection history. | |||
| CVE-2011-5329 | 0.00 | — | 0.01 | Aug 28, 2019 | The redirection plugin before 2.2.9 for WordPress has XSS in the admin menu, a different issue than CVE-2011-4562. | |||
| CVE-2012-6717 | 0.00 | — | 0.01 | Aug 28, 2019 | The redirection plugin before 2.2.12 for WordPress has XSS, a different issue than CVE-2011-4562. |
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Inisev Social Media & Share Icons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social Media & Share Icons: from n/a through 2.8.1.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Clever Widgets Enhanced Text Widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Enhanced Text Widget: from n/a through 1.5.8.
- risk 0.21cvss 4.3epss 0.01
Several plugins for WordPress by Inisev are vulnerable to Cross-Site Request Forgery to unauthorized installation of plugins due to a missing nonce check on the handle_installation function that is called via the inisev_installation AJAX aciton in various versions. This makes it…
- risk 0.21cvss 4.3epss 0.01
Several plugins for WordPress by Inisev are vulnerable to unauthorized installation of plugins due to a missing capability check on the handle_installation function that is called via the inisev_installation AJAX aciton in various versions. This makes it possible for…
- CVE-2024-37552Jul 21, 2024risk 0.00cvss —epss 0.00
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Inisev Social Media & Share Icons allows Stored XSS.This issue affects Social Media & Share Icons: from n/a through 2.9.1.
- CVE-2024-0561Mar 11, 2024risk 0.00cvss —epss 0.00
The Ultimate Posts Widget WordPress plugin before 2.3.1 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the…
- CVE-2024-0559Mar 11, 2024risk 0.00cvss —epss 0.01
The Enhanced Text Widget WordPress plugin before 1.6.6 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the…
- CVE-2023-1331Apr 17, 2023risk 0.00cvss —epss 0.00
The Redirection WordPress plugin before 1.1.5 does not have CSRF checks in the uninstall action, which could allow attackers to make logged in admins delete all the redirections through a CSRF attack.
- CVE-2023-1330Apr 3, 2023risk 0.00cvss —epss 0.00
The Redirection WordPress plugin before 1.1.4 does not add nonce verification in place when adding the redirect, which could allow attackers to add redirects via a CSRF attack.
- CVE-2022-38704Sep 23, 2022risk 0.00cvss —epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in SEO Redirection plugin <= 8.9 at WordPress, leading to deletion of 404 errors and redirection history.
- CVE-2011-5329Aug 28, 2019risk 0.00cvss —epss 0.01
The redirection plugin before 2.2.9 for WordPress has XSS in the admin menu, a different issue than CVE-2011-4562.
- CVE-2012-6717Aug 28, 2019risk 0.00cvss —epss 0.01
The redirection plugin before 2.2.12 for WordPress has XSS, a different issue than CVE-2011-4562.