Infornweb CVE - CVE Search - CVE Details

Filtered by vendor Infornweb Subscribe

Total 5 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2022-4749	1 Infornweb	1 Posts List Designer	2023-02-06	N/A	5.4 MEDIUM
The Posts List Designer by Category WordPress plugin before 3.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
CVE-2022-4792	1 Infornweb	1 News \& Blog Designer Pack	2023-02-06	N/A	5.4 MEDIUM
The News & Blog Designer Pack WordPress plugin before 3.3 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
CVE-2021-24730	1 Infornweb	1 Logo Showcase With Slick Slider	2022-11-09	4.0 MEDIUM	4.3 MEDIUM
The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does not have CSRF and authorisation checks in the lswss_save_attachment_data AJAX action, allowing any authenticated users, such as Subscriber, to change title, description, alt text, and URL of arbitrary uploaded media.
CVE-2021-24913	1 Infornweb	1 Logo Showcase With Slick Slider	2022-03-07	4.3 MEDIUM	4.3 MEDIUM
The Logo Showcase with Slick Slider WordPress plugin before 2.0.1 does not have CSRF check in the lswss_save_attachment_data AJAX action, allowing attackers to make a logged in high privilege user, change title, description, alt text, and URL of arbitrary uploaded media.
CVE-2021-24729	1 Infornweb	1 Logo Showcase With Slick Slider	2021-12-16	3.5 LOW	5.4 MEDIUM
The Logo Showcase with Slick Slider WordPress plugin before 1.2.4 does not sanitise the Grid Settings, which could allow users with a role as low as Author to perform stored Cross-Site Scripting attacks via post metadata of Grid logo showcase.

Vulnerabilities (CVE)