Vulnerabilities and security research for wp-abstracts-manuscripts-manager
Jun 07, 2024
WP Abstracts # CVE-2023-29385
- CVE, Research URL
- Home page URL
- Application
- Date: Jun 12, 2023
- Research Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kevon Adonis WP Abstracts plugin <= 2.6.2 versions.
- Affected versions: Min -, max -.
- Status: vulnerable
WP Abstracts # CVE-2023-36517
- CVE, Research URL
- Home page URL
- Application
- Date: Jul 11, 2023
- Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Kevon Adonis WP Abstracts plugin <= 2.6.2 versions.
- Affected versions: Min -, max -.
- Status: vulnerable
WP Abstracts # CVE-2023-28692
- CVE, Research URL
- Home page URL
- Application
- Date: Aug 30, 2023
- Research Description: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kevon Adonis WP Abstracts plugin <= 2.6.3 versions.
- Affected versions: Min -, max -.
- Status: vulnerable
Sep 26, 2024
WP Abstracts # CVE-2024-44045
- CVE, Research URL
- Home page URL
- Application
- Date: Oct 06, 2024
- Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kevon Adonis WP Abstracts allows Stored XSS. This issue affects WP Abstracts: from n/a through 2.6.5.
- Affected versions: Min -, max -.
- Status: vulnerable
Oct 28, 2024
WP Abstracts # CVE-2024-50411
- CVE, Research URL
- Home page URL
- Application
- Date: Oct 29, 2024
- Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kevon Adonis WP Abstracts allows Stored XSS. This issue affects WP Abstracts: from n/a through 2.7.1.
- Affected versions: Min -, max -.
- Status: vulnerable
Jan 20, 2025
WP Abstracts # CVE-2024-12385
- CVE, Research URL
- Home page URL
- Application
- Date: Jan 18, 2025
- Research Description: The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2. This is due to missing nonce validation on the wpabstracts_load_status() and wpabstracts_delete_abstracts() functions. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
- Affected versions: Min -, max -.
- Status: vulnerable