Vulnerabilities and security researches foramministrazione-trasparente amministrazione-trasparente

Jun 07, 2024

CVE, Research URL: a398b4e89f572011714fb298ebff770571e7e08f
Home page URL: Security reports for Amministrazione Trasparente
Application: Amministrazione Trasparente
Date: Jul 05, 2021
Research Description: Amministrazione Trasparente [amministrazione-trasparente] < 7.1.1 WordPress Amministrazione Trasparente plugin <= 7.1 - Cross-Site Request Forgery (CSRF) vulnerability Cross-Site Request Forgery (CSRF) vulnerability discovered by Jerome Bruandet (NinTechNet) in WordPress Amministrazione Trasparente plugin (versions <= 7.1)
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2021-4398
Home page URL: Security reports for Amministrazione Trasparente
Application: Amministrazione Trasparente
Date: Jul 01, 2023
Research Description: The Amministrazione Trasparente plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.1. This is due to missing or incorrect nonce validation on the at_save_aturl_meta() function. This makes it possible for unauthenticated attackers to update meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: -
Home page URL: Security reports for Amministrazione Trasparente
Application: Amministrazione Trasparente
Date: Jun 07, 2023
Research Description: Rejected reason: CVE split into individual CVE IDs for each software record.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-45758
Home page URL: Security reports for Amministrazione Trasparente
Application: Amministrazione Trasparente
Date: Oct 25, 2023
Research Description: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Milesi Amministrazione Trasparente plugin <= 8.0.2 versions.
Affected versions: Min -, max -.
Status: vulnerable

Sep 01, 2025

CVE, Research URL: CVE-2025-5083
Home page URL: Security reports for Amministrazione Trasparente
Application: Amministrazione Trasparente
Date: Aug 31, 2025
Research Description: The Amministrazione Trasparente plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions: Min -, max -.
Status: vulnerable