Yoohooplugins

yoohooplugins

2 CVEs • 2 products

Products (2)

Click to collapse

Toggle

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-27461 1Yoohooplugins 1When Last Login Jun 17, 2026 Nov 22, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Yoohoo Plugins When Last Login plugin <= 1.2.1 versions.
CVE-2021-24592 1Yoohooplugins 1Sitewide Notice Jun 17, 2026 Aug 30, 2021 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 The Sitewide Notice WP WordPress plugin before 2.3 does not sanitise some of its settings before outputting them in frontend pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfi...Show more The Sitewide Notice WP WordPress plugin before 2.3 does not sanitise some of its settings before outputting them in frontend pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowedShow less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2023-27461

1Yoohooplugins

1When Last Login

Jun 17, 2026

Nov 22, 2023

N/A· v4

8.8 HIGH· v3

N/A· v2

Cross-Site Request Forgery (CSRF) vulnerability in Yoohoo Plugins When Last Login plugin <= 1.2.1 versions.

CVE-2021-24592

1Yoohooplugins

1Sitewide Notice

Jun 17, 2026

Aug 30, 2021

N/A· v4

4.8 MEDIUM· v3

3.5 LOW· v2

The Sitewide Notice WP WordPress plugin before 2.3 does not sanitise some of its settings before outputting them in frontend pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfi...Show more