Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Jeff Starr Security Vulnerabilities

cve
cve

CVE-2023-7251

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr User Submitted Posts allows Stored XSS.This issue affects User Submitted Posts: from n/a through...

6.5CVSS

6.7AI Score

0.0004EPSS

2024-03-26 09:15 AM
27
cve
cve

CVE-2023-45603

Unrestricted Upload of File with Dangerous Type vulnerability in Jeff Starr User Submitted Posts – Enable Users to Submit Posts from the Front End.This issue affects User Submitted Posts – Enable Users to Submit Posts from the Front End: from n/a through...

9.8CVSS

9.3AI Score

0.001EPSS

2023-12-20 07:15 PM
45
cve
cve

CVE-2023-49743

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr Dashboard Widgets Suite allows Stored XSS.This issue affects Dashboard Widgets Suite: from n/a through...

5.9CVSS

5.4AI Score

0.0004EPSS

2023-12-14 03:15 PM
40
cve
cve

CVE-2022-25601

Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter &tab discovered in Contact Form X WordPress plugin (versions <=...

6.1CVSS

6.4AI Score

0.002EPSS

2022-03-11 06:15 PM
113
cve
cve

CVE-2023-26517

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jeff Starr Dashboard Widgets Suite plugin <= 3.2.1...

5.9CVSS

4.8AI Score

0.0005EPSS

2023-05-06 07:15 AM
15
cve
cve

CVE-2022-25610

Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat <= 20220115 allows an attacker to store the malicious code. However, the attack requires specific conditions, making it hard to...

6.1CVSS

5.7AI Score

0.001EPSS

2022-03-25 07:15 PM
55
cve
cve

CVE-2022-27850

Cross-Site Request Forgery (CSRF) in Simple Ajax Chat (WordPress plugin) <= 20220115 allows an attacker to clear the chat log or delete a chat...

5.4CVSS

4.6AI Score

0.001EPSS

2022-04-15 05:15 PM
56
cve
cve

CVE-2022-27849

Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat (WordPress plugin) <=...

7.5CVSS

7.3AI Score

0.005EPSS

2022-04-15 05:15 PM
64
cve
cve

CVE-2021-24408

The Prismatic WordPress plugin before 2.8 does not sanitise or validate some of its shortcode parameters, allowing users with a role as low as Contributor to set Cross-Site payload in them. A post made by a contributor would still have to be approved by an admin to have the XSS trigger able in the....

5.4CVSS

5.2AI Score

0.001EPSS

2021-07-12 08:15 PM
22
7
cve
cve

CVE-2021-24409

The Prismatic WordPress plugin before 2.8 does not escape the 'tab' GET parameter before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in...

6.1CVSS

6AI Score

0.002EPSS

2021-07-12 08:15 PM
33
7