MidnightBSD

Advisories for info-d-74

CVE-2023-45645

Cross-Site Request Forgery (CSRF) vulnerability in InfoD74 WP Open Street Map plugin <= 1.25 versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
audit@patchstack.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L 2.8 2.5
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
info-d-74 open_street_map *
CVE-2024-3937

The Playlist for Youtube WordPress plugin through 1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Products Affected

Vendor Product Version
info-d-74 playlist_for_youtube *
CVE-2024-45460

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in manu225 Flipping Cards flipping-cards allows Stored XSS.This issue affects Flipping Cards: from n/a through <= 1.30.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
audit@patchstack.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L 1.7 3.7

Products Affected

Vendor Product Version
info-d-74 flipping_cards *
CVE-2024-4602

The Embed Peertube Playlist WordPress plugin before 1.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Products Affected

Vendor Product Version
info-d-74 embed_peertube_playlist *