← Back

Poeditor

poeditor

3 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Poeditor
poeditor

CVEs (3)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Poeditor
1Poeditor
Jun 17, 2026
Apr 15, 2024
N/A· v4
4.8 MEDIUM· v3
N/A· v2
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POEditor allows Stored XSS.This issue affects POEditor: from n/a through 0.9.8.
1Poeditor
1Poeditor
Jun 17, 2026
Oct 3, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in POEditor plugin <= 0.9.4 versions.
1Poeditor
1Poeditor
Jun 17, 2026
Aug 30, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
The POEditor WordPress plugin before 0.9.8 does not have CSRF checks in various places, which could allow attackers to make logged in admins perform unwanted actions, such as reset the plugin's settings and update its AP...Show more
The POEditor WordPress plugin before 0.9.8 does not have CSRF checks in various places, which could allow attackers to make logged in admins perform unwanted actions, such as reset the plugin's settings and update its API key via CSRF attacks.Show less