cleantalk

Vulnerabilities and Security Researches

Vulnerabilities and security researches for wp-abstracts-manuscripts-manager

Jun 07, 2024

WP Abstracts # CVE-2023-29385

CVE, Research URL

CVE-2023-29385

Application

WP Abstracts

Date
Jun 12, 2023
Research Description
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kevon Adonis WP Abstracts plugin <= 2.6.2 versions.
Affected versions
Min -, max -.
Status
vulnerable

WP Abstracts # CVE-2023-36517

CVE, Research URL

CVE-2023-36517

Application

WP Abstracts

Date
Jul 11, 2023
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in Kevon Adonis WP Abstracts plugin <= 2.6.2 versions.
Affected versions
Min -, max -.
Status
vulnerable

WP Abstracts # CVE-2023-28692

CVE, Research URL

CVE-2023-28692

Application

WP Abstracts

Date
Aug 30, 2023
Research Description
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kevon Adonis WP Abstracts plugin <= 2.6.3 versions.
Affected versions
Min -, max -.
Status
vulnerable

Sep 26, 2024

WP Abstracts # CVE-2024-44045

CVE, Research URL

CVE-2024-44045

Application

WP Abstracts

Date
Oct 06, 2024
Research Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kevon Adonis WP Abstracts allows Stored XSS. This issue affects WP Abstracts: from n/a through 2.6.5.
Affected versions
Min -, max -.
Status
vulnerable

Oct 28, 2024

WP Abstracts # CVE-2024-50411

CVE, Research URL

CVE-2024-50411

Application

WP Abstracts

Date
Oct 29, 2024
Research Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kevon Adonis WP Abstracts allows Stored XSS. This issue affects WP Abstracts: from n/a through 2.7.1.
Affected versions
Min -, max -.
Status
vulnerable

Jan 20, 2025

WP Abstracts # CVE-2024-12385

CVE, Research URL

CVE-2024-12385

Application

WP Abstracts

Date
Jan 18, 2025
Research Description
The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2. This is due to missing nonce validation on the wpabstracts_load_status() and wpabstracts_delete_abstracts() functions. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
Min -, max -.
Status
vulnerable

Feb 13, 2025

WP Abstracts # CVE-2024-12386

CVE, Research URL

CVE-2024-12386

Application

WP Abstracts

Date
Feb 12, 2025
Research Description
The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.3. This is due to missing nonce validation on multiple functions. This makes it possible for unauthenticated attackers to delete arbitrary accounts via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
Min -, max -.
Status
vulnerable