Vulnerabilities (CVE)

Filtered by vendor Wpkube Subscribe
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-29414 1 Wpkube 1 Subscribe To Comments Reloaded 2022-05-10 5.8 MEDIUM 5.4 MEDIUM
Multiple (13x) Cross-Site Request Forgery (CSRF) vulnerabilities in WPKube's Subscribe To Comments Reloaded plugin <= 211130 on WordPress allows attackers to clean up Log archive, download system info file, plugin system settings, plugin options settings, generate a new key, reset all options, change notifications settings, management page settings, comment form settings, manage subscriptions > mass update settings, manage subscriptions > add a new subscription, update subscription, delete Subscription.
CVE-2021-24745 1 Wpkube 1 About Author Box 2021-11-29 3.5 LOW 5.4 MEDIUM
The About Author Box WordPress plugin before 1.0.2 does not sanitise and escape the Social Profiles field values before outputting them in attributes, which could allow user with a role as low as contributor to perform Cross-Site Scripting attacks.
CVE-2021-24682 1 Wpkube 1 Cool Tag Cloud 2021-11-02 3.5 LOW 5.4 MEDIUM
The Cool Tag Cloud WordPress plugin before 2.26 does not escape the style attribute of the cool_tag_cloud shortcode, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks.