cleantalk
Vulnerabilities and Security Researches

Security reports for wpo365-login

CVE/PSC Application Date Affected versions Description
Current as of: Jun 30, 2025, 05:06:03
Entries count: 3

CVE-2024-4706

WordPress + Microsoft Office 365 / Azure AD | LOGIN

vulnerable

Jun 06, 2024, 23:06:47
Min -
Max 28.0
The WordPress + Microsoft Office 365 / Azure AD | LOGIN plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pintra' shortcode in all versions up to, and including, 27.2 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2021-43409

WordPress + Microsoft Office 365 / Azure AD | LOGIN

vulnerable

Jun 06, 2024, 23:06:47
Min -
Max 15.4
The “WPO365 | LOGIN” WordPress plugin (up to and including version 15.3) by wpo365.com is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS). Persistent XSS vulnerabilities occur when the application stores and retrieves client-supplied data without proper handling of dangerous content. This type of XSS vulnerability is exploited by submitting malicious script content to the application, which is then retrieved and executed by other application user...

CVE-2020-26511

WordPress + Microsoft Office 365 / Azure AD | LOGIN

vulnerable

Jun 06, 2024, 23:06:47
Min -
Max 11.7
The wpo365-login plugin before v11.7 for WordPress allows use of a symmetric algorithm to decrypt a JWT token. This leads to authentication bypass.