cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forwp-multitasking wp-multitasking

Direction: ascending
Aug 16, 2024

WP MultiTasking – WP Utilities # CVE-2024-6856

CVE, Research URL

CVE-2024-6856

Home page URL

Security reports for WP MultiTasking – WP Utilities

Application

WP MultiTasking – WP Utilities

Date
Sep 08, 2024
Research Description
The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
Affected versions
Min -, max -.
Status
vulnerable

WP MultiTasking – WP Utilities # CVE-2024-6853

CVE, Research URL

CVE-2024-6853

Home page URL

Security reports for WP MultiTasking – WP Utilities

Application

WP MultiTasking – WP Utilities

Date
Sep 08, 2024
Research Description
The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating welcome popups, which could allow attackers to make logged admins perform such action via a CSRF attack
Affected versions
Min -, max -.
Status
vulnerable

WP MultiTasking – WP Utilities # CVE-2024-6859

CVE, Research URL

CVE-2024-6859

Home page URL

Security reports for WP MultiTasking – WP Utilities

Application

WP MultiTasking – WP Utilities

Date
Sep 08, 2024
Research Description
The WP MultiTasking WordPress plugin through 0.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
Affected versions
Min -, max -.
Status
vulnerable

WP MultiTasking – WP Utilities # CVE-2024-6855

CVE, Research URL

CVE-2024-6855

Home page URL

Security reports for WP MultiTasking – WP Utilities

Application

WP MultiTasking – WP Utilities

Date
Sep 08, 2024
Research Description
The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating exit popups, which could allow attackers to make logged admins perform such action via a CSRF attack
Affected versions
Min -, max -.
Status
vulnerable

WP MultiTasking – WP Utilities # CVE-2024-6852

CVE, Research URL

CVE-2024-6852

Home page URL

Security reports for WP MultiTasking – WP Utilities

Application

WP MultiTasking – WP Utilities

Date
Sep 08, 2024
Research Description
The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
Affected versions
Min -, max -.
Status
vulnerable
Sep 29, 2024

WP MultiTasking – WP Utilities # CVE-2024-8189

CVE, Research URL

CVE-2024-8189

Home page URL

Security reports for WP MultiTasking – WP Utilities

Application

WP MultiTasking – WP Utilities

Date
Sep 28, 2024
Research Description
The WP MultiTasking – WP Utilities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpmt_menu_name’ parameter in all versions up to, and including, 0.1.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions
Min -, max -.
Status
vulnerable
May 08, 2025

WP MultiTasking – WP Utilities # CVE-2024-6857

CVE, Research URL

CVE-2024-6857

Home page URL

Security reports for WP MultiTasking – WP Utilities

Application

WP MultiTasking – WP Utilities

Date
Apr 09, 2025
Research Description
The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating its Header, Footer and Body Script Settings, which could allow attackers to make logged admins perform such action via a CSRF attack
Affected versions
Min -, max -.
Status
vulnerable

WP MultiTasking – WP Utilities # CVE-2024-6860

CVE, Research URL

CVE-2024-6860

Home page URL

Security reports for WP MultiTasking – WP Utilities

Application

WP MultiTasking – WP Utilities

Date
Apr 09, 2025
Research Description
The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating its permalink suffix settings, which could allow attackers to make logged admins perform such action via a CSRF attack
Affected versions
Min -, max -.
Status
vulnerable