Wp Multitasking

wp_multitasking

Vendor: Ngothang • 8 CVEs

CVEs (8)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-6860 1Ngothang 1Wp Multitasking Apr 22, 2025 Apr 9, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating its permalink suffix settings, which could allow attackers to make logged admins perform such action via a CSRF attack
CVE-2024-6857 1Ngothang 1Wp Multitasking Apr 22, 2025 Apr 9, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating its Header, Footer and Body Script Settings, which could allow attackers to make logged admins perform such action via a CSRF at...Show more The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating its Header, Footer and Body Script Settings, which could allow attackers to make logged admins perform such action via a CSRF attackShow less
CVE-2024-8189 1Ngothang 1Wp Multitasking Oct 7, 2024 Sep 28, 2024 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The WP MultiTasking – WP Utilities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpmt_menu_name’ parameter in all versions up to, and including, 0.1.17 due to insufficient input sanitization...Show more The WP MultiTasking – WP Utilities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpmt_menu_name’ parameter in all versions up to, and including, 0.1.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.Show less
CVE-2024-6859 1Ngothang 1Wp Multitasking Sep 11, 2024 Sep 8, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The WP MultiTasking WordPress plugin through 0.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the...Show more The WP MultiTasking WordPress plugin through 0.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacksShow less
CVE-2024-6856 1Ngothang 1Wp Multitasking Sep 11, 2024 Sep 8, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2024-6855 1Ngothang 1Wp Multitasking Sep 11, 2024 Sep 8, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating exit popups, which could allow attackers to make logged admins perform such action via a CSRF attack
CVE-2024-6853 1Ngothang 1Wp Multitasking Sep 11, 2024 Sep 8, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating welcome popups, which could allow attackers to make logged admins perform such action via a CSRF attack
CVE-2024-6852 1Ngothang 1Wp Multitasking Sep 11, 2024 Sep 8, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack