Justintadlock

justintadlock

2 CVEs • 2 products

Products (2)

Click to collapse

Toggle

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-8090 1Justintadlock 1Javascript Logic May 27, 2025 May 15, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The JavaScript Logic WordPress plugin through 0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via...Show more The JavaScript Logic WordPress plugin through 0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.Show less
CVE-2024-8082 1Justintadlock 1Widgets Reset Jun 12, 2025 May 15, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Widgets Reset WordPress plugin through 0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2024-8090

1Justintadlock

1Javascript Logic

May 27, 2025

May 15, 2025

N/A· v4

6.1 MEDIUM· v3

N/A· v2

The JavaScript Logic WordPress plugin through 0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via...Show more

CVE-2024-8082

1Justintadlock

1Widgets Reset

Jun 12, 2025

May 15, 2025

N/A· v4

4.3 MEDIUM· v3

N/A· v2

The Widgets Reset WordPress plugin through 0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack