Filtered by vendor Premio
Subscribe
Search
Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-40204 | 1 Premio | 1 Folders | 2023-12-27 | N/A | 7.2 HIGH |
| Unrestricted Upload of File with Dangerous Type vulnerability in Premio Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager.This issue affects Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager: from n/a through 2.9.2. | |||||
| CVE-2023-47759 | 1 Premio | 1 Chaty | 2023-11-29 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Premio Chaty plugin <= 3.1.2 versions. | |||||
| CVE-2023-5509 | 1 Premio | 1 Mystickymenu | 2023-11-27 | N/A | 5.4 MEDIUM |
| The myStickymenu WordPress plugin before 2.6.5 does not adequately authorize some ajax calls, allowing any logged-in user to perform the actions. | |||||
| CVE-2023-3248 | 1 Premio | 1 My Sticky Elements | 2023-07-31 | N/A | 4.8 MEDIUM |
| The All-in-one Floating Contact Form WordPress plugin before 2.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2023-3245 | 1 Premio | 1 Chaty | 2023-07-28 | N/A | 4.8 MEDIUM |
| The Floating Chat Widget WordPress plugin before 3.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2022-0148 | 1 Premio | 1 Mystickyelements | 2022-02-10 | 3.5 LOW | 5.4 MEDIUM |
| The All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs WordPress plugin before 2.0.4 was vulnerable to reflected XSS on the my-sticky-elements-leads admin page. | |||||
| CVE-2021-25016 | 1 Premio | 2 Chaty, Chaty Pro | 2022-01-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin before 2.8.2 do not sanitise and escape the search parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2021-24425 | 1 Premio | 1 Mystickymenu | 2021-08-10 | 3.5 LOW | 4.8 MEDIUM |
| The Floating Notification Bar, Sticky Menu on Scroll, and Sticky Header for Any Theme – myStickymenu WordPress plugin before 2.5.2 does not sanitise or escape its Bar Text settings, allowing hight privilege users to use malicious JavaScript in it, leading to a Stored Cross-Site Scripting issue, which will be triggered in the plugin's setting, as well as all front-page of the blog (when the Welcome bar is active) | |||||