Filtered by vendor Projectcaruso Subscriptions
Total 3 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-3966 1 Projectcaruso 1 Pray For Me 2024-10-28 6.1 Medium
The Pray For Me WordPress plugin through 1.0.4 does not sanitise and escape some parameters, which could unauthenticated visitors to perform Cross-Site Scripting attacks that trigger when an admin visits the Prayer Requests in the WP Admin
CVE-2024-7691 1 Projectcaruso 1 Flaming Forms 2024-10-04 5.4 Medium
The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators.
CVE-2024-7692 1 Projectcaruso 1 Flaming Forms 2024-10-04 6.1 Medium
The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.