Dev4press: Security Vulnerabilities
The coreActivity: Activity Logging for WordPress plugin before 1.8.1 does not escape some request data when outputting it back in the admin dashboard, allowing unauthenticated users to perform Stored XSS attacks against high-privilege users such as admins.
CVSS Score: 6.1, EPSS Score: 0.002, Published: 2025-05-15
The coreActivity: Activity Logging plugin for WordPress before 2.1 retrieved the IP addresses of requests via headers such as X-FORWARDED in order to log them, allowing users to spoof them by providing an arbitrary value.
CVSS Score: 5.3, EPSS Score: 0.002, Published: 2024-04-17
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Milan Petrovic GD Rating System allows Stored XSS. This issue affects GD Rating System: from n/a through 3.5.
CVSS Score: 7.1, EPSS Score: 0.001, Published: 2024-02-29
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Milan Petrovic GD Security Headers allows auth. (admin+) SQL Injection. This issue affects GD Security Headers: from n/a through 1.7.
CVSS Score: 7.2, EPSS Score: 0.002, Published: 2023-11-06
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Milan Petrovic GD Security Headers plugin <= 1.6.1 versions.
CVSS Score: 7.1, EPSS Score: 0.002, Published: 2023-09-27
The GD Mail Queue plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 3.9.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS Score: 7.2, EPSS Score: 0.007, Published: 2023-07-12
Auth. Stored Cross-Site Scripting (XSS) vulnerability in GD bbPress Attachments plugin <= 4.3.1 on WordPress.
CVSS Score: 4.8, EPSS Score: 0.001, Published: 2022-12-06
The gd-rating-system plugin before 2.1 for WordPress has XSS in log.php.
CVSS Score: 6.1, EPSS Score: 0.002, Published: 2019-08-27
Directory traversal vulnerability in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php.
CVSS Score: 4.0, EPSS Score: 0.007, Published: 2015-08-18
Cross-site scripting (XSS) vulnerability in forms/panels.php in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php.
CVSS Score: 4.3, EPSS Score: 0.002, Published: 2015-08-18