Mooveagency

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-0970 1Mooveagency 1User Activity Tracking And Log Nov 13, 2025 May 15, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 This User Activity Tracking and Log WordPress plugin before 4.1.4 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value.
CVE-2025-1624 1Mooveagency 1Gdpr Cookie Compliance Apr 2, 2025 Mar 16, 2025 N/A· v4 3.5 LOW· v3 N/A· v2 The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when...Show more The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).Show less
CVE-2025-1623 1Mooveagency 1Gdpr Cookie Compliance Apr 2, 2025 Mar 16, 2025 N/A· v4 3.5 LOW· v3 N/A· v2 The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when...Show more The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).Show less
CVE-2025-1622 1Mooveagency 1Gdpr Cookie Compliance Apr 2, 2025 Mar 16, 2025 N/A· v4 3.5 LOW· v3 N/A· v2 The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when...Show more The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).Show less
CVE-2025-1621 1Mooveagency 1Gdpr Cookie Compliance Apr 2, 2025 Mar 16, 2025 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when...Show more The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).Show less
CVE-2025-1620 1Mooveagency 1Gdpr Cookie Compliance Apr 2, 2025 Mar 16, 2025 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when...Show more The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).Show less
CVE-2025-1619 1Mooveagency 1Gdpr Cookie Compliance Apr 2, 2025 Mar 16, 2025 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when...Show more The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).Show less
CVE-2025-2205 1Mooveagency 1Gdpr Cookie Compliance Jul 8, 2025 Mar 12, 2025 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The GDPR Cookie Compliance – Cookie Banner, Cookie Consent, Cookie Notice – CCPA, DSGVO, RGPD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.1...Show more The GDPR Cookie Compliance – Cookie Banner, Cookie Consent, Cookie Notice – CCPA, DSGVO, RGPD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.15.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.Show less
CVE-2023-4521 1Mooveagency 1Import Xml And Rss Feeds Apr 23, 2025 Sep 25, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The Import XML and RSS Feeds WordPress plugin before 2.1.5 contains a web shell, allowing unauthenticated attackers to perform RCE. The plugin/vendor was not compromised and the files are the result of running a PoC for...Show more The Import XML and RSS Feeds WordPress plugin before 2.1.5 contains a web shell, allowing unauthenticated attackers to perform RCE. The plugin/vendor was not compromised and the files are the result of running a PoC for a previously reported issue (https://wpscan.com/vulnerability/d4220025-2272-4d5f-9703-4b2ac4a51c42) and not deleting the created files when releasing the new version.Show less
CVE-2023-4300 1Mooveagency 1Import Xml And Rss Feeds Apr 23, 2025 Sep 25, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 The Import XML and RSS Feeds WordPress plugin before 2.1.4 does not filter file extensions for uploaded files, allowing an attacker to upload a malicious PHP file, leading to Remote Code Execution.
CVE-2023-4150 1Mooveagency 1User Activity Tracking And Log Apr 23, 2025 Aug 30, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The User Activity Tracking and Log WordPress plugin before 4.0.9 does not have proper CSRF checks when managing its license, which could allow attackers to make logged in admins update and deactivate the plugin's license...Show more The User Activity Tracking and Log WordPress plugin before 4.0.9 does not have proper CSRF checks when managing its license, which could allow attackers to make logged in admins update and deactivate the plugin's license via CSRF attacksShow less
CVE-2023-4013 1Mooveagency 1Gdpr Cookie Compliance Apr 23, 2025 Aug 30, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) WordPress plugin before 4.12.5 does not have proper CSRF checks when managing its license, which could allow attackers to make logged in admins update and deactiva...Show more The GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) WordPress plugin before 4.12.5 does not have proper CSRF checks when managing its license, which could allow attackers to make logged in admins update and deactivate the plugin's license via CSRF attacksShow less
CVE-2019-25143 1Mooveagency 1Gdpr Cookie Compliance Apr 8, 2026 Jun 7, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The GDPR Cookie Compliance plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the gdpr_cookie_compliance_reset_settings AJAX action in versions up to, and including, 4.0.2. Th...Show more The GDPR Cookie Compliance plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the gdpr_cookie_compliance_reset_settings AJAX action in versions up to, and including, 4.0.2. This makes it possible for authenticated attackers to reset all of the settings.Show less
CVE-2020-24148 1Mooveagency 1Import Xml And Rss Feeds Nov 21, 2024 Jul 7, 2021 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 Server-side request forgery (SSRF) in the Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1 for WordPress via the data parameter in a moove_read_xml action.
CVE-2021-24287 1Mooveagency 1Select All Categories And Taxonomies, Change Checkbox To Radio Buttons Nov 21, 2024 May 14, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The settings page of the Select All Categories and Taxonomies, Change Checkbox to Radio Buttons WordPress plugin before 1.3.2 did not properly sanitise the tab parameter before outputting it back, leading to a reflected...Show more The settings page of the Select All Categories and Taxonomies, Change Checkbox to Radio Buttons WordPress plugin before 1.3.2 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issueShow less
CVE-2021-24286 1Mooveagency 1Redirect 404 To Parent Nov 21, 2024 May 14, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The settings page of the Redirect 404 to parent WordPress plugin before 1.3.1 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue
CVE-2021-24247 1Mooveagency 1Contact Form Check Tester Nov 21, 2024 May 6, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 The Contact Form Check Tester WordPress plugin through 1.0.2 settings are visible to all registered users in the dashboard and are lacking any sanitisation. As a result, any registered user, such as subscriber, can leave...Show more The Contact Form Check Tester WordPress plugin through 1.0.2 settings are visible to all registered users in the dashboard and are lacking any sanitisation. As a result, any registered user, such as subscriber, can leave an XSS payload in the plugin settings, which will be triggered by any user visiting them, and could allow for privilege escalation. The vendor decided to close the plugin.Show less