Artplacer

artplacer

3 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Artplacer Widget

artplacer_widget

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-7269 1Artplacer 1Artplacer Widget Jun 17, 2026 Jul 19, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 The ArtPlacer Widget WordPress plugin before 2.21.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads vi...Show more The ArtPlacer Widget WordPress plugin before 2.21.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attackShow less
CVE-2023-7268 1Artplacer 1Artplacer Widget Jun 17, 2026 Jul 19, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The ArtPlacer Widget WordPress plugin before 2.21.2 does not have authorisation check in place when deleting widgets, allowing ay authenticated users, such as subscriber, to delete arbitrary widgets
CVE-2023-6373 1Artplacer 1Artplacer Widget Jun 17, 2026 Jan 16, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 The ArtPlacer Widget WordPress plugin before 2.20.7 does not sanitize and escape the "id" parameter before submitting the query, leading to a SQLI exploitable by editors and above. Note: Due to the lack of CSRF check, th...Show more The ArtPlacer Widget WordPress plugin before 2.20.7 does not sanitize and escape the "id" parameter before submitting the query, leading to a SQLI exploitable by editors and above. Note: Due to the lack of CSRF check, the issue could also be exploited via a CSRF against a logged editor (or above)Show less