MidnightBSD

Advisories for themeist

CVE-2014-10376 HIGH

The i-recommend-this plugin before 3.7.3 for WordPress has SQL injection.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
themeist i_recommend_this *
CVE-2014-125099 MEDIUM

A vulnerability has been found in I Recommend This Plugin up to 3.7.2 on WordPress and classified as critical. Affected by this vulnerability is an unknown functionality of the file dot-irecommendthis.php. The manipulation leads to sql injection. The attack can be launched remotely. Upgrading to version 3.7.3 is able to address this issue. The identifier of the patch is 058b3ef5c7577bf557557904a53ecc8599b13649. It is recommended to upgrade the affected component. The identifier VDB-226309 was assigned to this vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
themeist i_recommend_this *
CVE-2023-23673

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Harish Chouhan, Themeist I Recommend This plugin <= 3.8.3 versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
audit@patchstack.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L 1.7 3.7

Products Affected

Vendor Product Version
themeist i_recommend_this *
CVE-2023-28696

Cross-Site Request Forgery (CSRF) vulnerability in Harish Chouhan, Themeist I Recommend This allows Cross Site Request Forgery.This issue affects I Recommend This: from n/a through 3.9.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9
audit@patchstack.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 2.8 1.4

Products Affected

Vendor Product Version
themeist i_recommend_this *