Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Gopostmatic Subscribe
Filtered by product Replyable
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-4265 1 Gopostmatic 1 Replyable 2023-03-10 N/A 8.8 HIGH
The Replyable WordPress plugin before 2.2.10 does not validate the class name submitted by the request when instantiating an object in the prompt_dismiss_notice action and also lacks CSRF check in the related action. This could allow any authenticated users, such as subscriber to perform Object Injection attacks. The attack could also be done via a CSRF vector against any authenticated user
CVE-2015-9411 1 Gopostmatic 1 Replyable 2019-10-02 4.3 MEDIUM 6.1 MEDIUM
The Postmatic plugin before 1.4.6 for WordPress has XSS.