Shodan
Vulnerabilities
Vulnerable Software
Mooveagency:  Security Vulnerabilities
CVE-2023-4013
The GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) WordPress plugin before 4.12.5 does not have proper CSRF checks when managing its license, which could allow attackers to make logged in admins update and deactivate the plugin's license via CSRF attacks
CVSS Score
6.5
EPSS Score
0.001
Published
2023-08-30
CVE-2023-4150
The User Activity Tracking and Log WordPress plugin before 4.0.9 does not have proper CSRF checks when managing its license, which could allow attackers to make logged in admins update and deactivate the plugin's license via CSRF attacks
CVSS Score
4.3
EPSS Score
0.001
Published
2023-08-30
CVE-2019-25143
The GDPR Cookie Compliance plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the gdpr_cookie_compliance_reset_settings AJAX action in versions up to, and including, 4.0.2. This makes it possible for authenticated attackers to reset all of the settings.
CVSS Score
5.4
EPSS Score
0.0
Published
2023-06-07
CVE-2020-24148
Server-side request forgery (SSRF) in the Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1 for WordPress via the data parameter in a moove_read_xml action.
CVSS Score
9.1
EPSS Score
0.881
Published
2021-07-07
CVE-2021-24286
The settings page of the Redirect 404 to parent WordPress plugin before 1.3.1 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue
CVSS Score
6.1
EPSS Score
0.344
Published
2021-05-14
CVE-2021-24287
The settings page of the Select All Categories and Taxonomies, Change Checkbox to Radio Buttons WordPress plugin before 1.3.2 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue
CVSS Score
6.1
EPSS Score
0.186
Published
2021-05-14
CVE-2021-24247
The Contact Form Check Tester WordPress plugin through 1.0.2 settings are visible to all registered users in the dashboard and are lacking any sanitisation. As a result, any registered user, such as subscriber, can leave an XSS payload in the plugin settings, which will be triggered by any user visiting them, and could allow for privilege escalation. The vendor decided to close the plugin.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-05-06


Products
Pricing
Contact Us

Shodan ® - All rights reserved