The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to page content injection in versions up to, and including, 5.5. This is due to missing capability checks in the plugin's page-editing functionality. This makes it possible for low-authenticated attackers, such as subscribers, to...
8.1CVSS
4.7AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Fullworks Quick Event Manager plugin <= 9.7.4 affecting all registration actions (delete, delete all, edit,...
5.4CVSS
5.6AI Score
0.0005EPSS
Cross-site scripting (XSS) vulnerability in the path-based meta tag editing form in the Meta tags quick module 7.x-2.x before 7.x-2.8 for Drupal allows remote authenticated users with the "Edit path based meta tags" permission to inject arbitrary web script or HTML via vectors related to deleting.....
5.3AI Score
0.001EPSS
Multiple cross-site scripting (XSS) vulnerabilities in the Quick Edit module 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via an (1) entity title, related to in-place editing, or a (2) node...
5.5AI Score
0.001EPSS