Total: 3 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-1904 | 1 Fatcatapps | 1 Easy Pricing Tables | 2022-07-06 | 2.6 LOW | 6.1 MEDIUM |
The Pricing Tables WordPress Plugin WordPress plugin before 3.2.1 does not sanitise and escape a parameter before outputting it back in a page available to any user (both authenticated and unauthenticated) when a specific setting is enabled, leading to Reflected Cross-Site Scripting. | |||||
CVE-2021-36866 | 1 Fatcatapps | 1 Easy Pricing Tables | 2022-06-09 | 3.5 LOW | 4.8 MEDIUM |
Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) vulnerability in Fatcat Apps Easy Pricing Tables plugin <= 3.1.2 at WordPress. | |||||
CVE-2021-25098 | 1 Fatcatapps | 1 Easy Pricing Tables | 2022-03-11 | 4.3 MEDIUM | 6.5 MEDIUM |
The Pricing Tables WordPress Plugin WordPress plugin before 3.1.3 does not verify the CSRF nonce when removing posts, allowing attackers to make a logged-in admin remove arbitrary posts from the blog via a CSRF attack; the removed posts are put in the trash. | |||||