Projectcaruso

projectcaruso

4 CVEs • 2 products

Products (2)

Click to collapse

Toggle

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-7692 1Projectcaruso 1Flaming Forms Jun 17, 2026 Sep 2, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege user...Show more The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.Show less
CVE-2024-7691 1Projectcaruso 1Flaming Forms Jun 17, 2026 Sep 2, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators.
CVE-2024-3966 1Projectcaruso 1Pray For Me Jun 17, 2026 Jun 14, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The Pray For Me WordPress plugin through 1.0.4 does not sanitise and escape some parameters, which could unauthenticated visitors to perform Cross-Site Scripting attacks that trigger when an admin visits the Prayer Reque...Show more The Pray For Me WordPress plugin through 1.0.4 does not sanitise and escape some parameters, which could unauthenticated visitors to perform Cross-Site Scripting attacks that trigger when an admin visits the Prayer Requests in the WP AdminShow less
CVE-2024-3965 1Projectcaruso 1Pray For Me Jun 17, 2026 Jun 14, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Pray For Me WordPress plugin through 1.0.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack