VYPR
Vendor

Inisev

Products
6
CVEs
12
Across products
20
Status
Private

Products

6

Recent CVEs

12
  • CVE-2023-34009MedDec 13, 2024
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in Inisev Social Media & Share Icons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social Media & Share Icons: from n/a through 2.8.1.

  • CVE-2023-23823MedDec 9, 2024
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in Clever Widgets Enhanced Text Widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Enhanced Text Widget: from n/a through 1.5.8.

  • CVE-2023-3977MedJul 28, 2023
    risk 0.21cvss 4.3epss 0.01

    Several plugins for WordPress by Inisev are vulnerable to Cross-Site Request Forgery to unauthorized installation of plugins due to a missing nonce check on the handle_installation function that is called via the inisev_installation AJAX aciton in various versions. This makes it…

  • CVE-2023-0958MedJul 28, 2023
    risk 0.21cvss 4.3epss 0.01

    Several plugins for WordPress by Inisev are vulnerable to unauthorized installation of plugins due to a missing capability check on the handle_installation function that is called via the inisev_installation AJAX aciton in various versions. This makes it possible for…

  • CVE-2024-37552Jul 21, 2024
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Inisev Social Media & Share Icons allows Stored XSS.This issue affects Social Media & Share Icons: from n/a through 2.9.1.

  • CVE-2024-0561Mar 11, 2024
    risk 0.00cvss epss 0.00

    The Ultimate Posts Widget WordPress plugin before 2.3.1 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the…

  • CVE-2024-0559Mar 11, 2024
    risk 0.00cvss epss 0.01

    The Enhanced Text Widget WordPress plugin before 1.6.6 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the…

  • CVE-2023-1331Apr 17, 2023
    risk 0.00cvss epss 0.00

    The Redirection WordPress plugin before 1.1.5 does not have CSRF checks in the uninstall action, which could allow attackers to make logged in admins delete all the redirections through a CSRF attack.

  • CVE-2023-1330Apr 3, 2023
    risk 0.00cvss epss 0.00

    The Redirection WordPress plugin before 1.1.4 does not add nonce verification in place when adding the redirect, which could allow attackers to add redirects via a CSRF attack.

  • CVE-2022-38704Sep 23, 2022
    risk 0.00cvss epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in SEO Redirection plugin <= 8.9 at WordPress, leading to deletion of 404 errors and redirection history.

  • CVE-2011-5329Aug 28, 2019
    risk 0.00cvss epss 0.01

    The redirection plugin before 2.2.9 for WordPress has XSS in the admin menu, a different issue than CVE-2011-4562.

  • CVE-2012-6717Aug 28, 2019
    risk 0.00cvss epss 0.01

    The redirection plugin before 2.2.12 for WordPress has XSS, a different issue than CVE-2011-4562.