Vulnerabilities and security researches for wp-abstracts-manuscripts-manager
Direction: ascendingJun 07, 2024
WP Abstracts # CVE-2023-29385
- CVE, Research URL
- Home page URL
- Application
- Date
- Jun 12, 2023
- Research Description
- Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kevon Adonis WP Abstracts plugin <= 2.6.2 versions.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
WP Abstracts # CVE-2023-36517
- CVE, Research URL
- Home page URL
- Application
- Date
- Jul 11, 2023
- Research Description
- Cross-Site Request Forgery (CSRF) vulnerability in Kevon Adonis WP Abstracts plugin <= 2.6.2 versions.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
WP Abstracts # CVE-2023-28692
- CVE, Research URL
- Home page URL
- Application
- Date
- Aug 30, 2023
- Research Description
- Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kevon Adonis WP Abstracts plugin <= 2.6.3 versions.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Sep 26, 2024
WP Abstracts # CVE-2024-44045
- CVE, Research URL
- Home page URL
- Application
- Date
- Oct 06, 2024
- Research Description
- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kevon Adonis WP Abstracts allows Stored XSS.This issue affects WP Abstracts: from n/a through 2.6.5.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Oct 28, 2024
WP Abstracts # CVE-2024-50411
- CVE, Research URL
- Home page URL
- Application
- Date
- Oct 29, 2024
- Research Description
- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kevon Adonis WP Abstracts allows Stored XSS.This issue affects WP Abstracts: from n/a through 2.7.1.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Jan 20, 2025
WP Abstracts # CVE-2024-12385
- CVE, Research URL
- Home page URL
- Application
- Date
- Jan 18, 2025
- Research Description
- The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2. This is due to missing nonce validation on the wpabstracts_load_status() and wpabstracts_delete_abstracts() functions. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Feb 13, 2025
WP Abstracts # CVE-2024-12386
- CVE, Research URL
- Home page URL
- Application
- Date
- Feb 12, 2025
- Research Description
- The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.3. This is due to missing nonce validation on multiple functions. This makes it possible for unauthenticated attackers to delete arbitrary accounts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable