crudlab CVE Vulnerabilities & CVE List (4)

Products (CPE): — CVEs: 4

crudlab vulnerability overview

Aggregates CVE and security vulnerability intelligence across all crudlab-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

Common weakness patterns include vendor risk csrf and vendor risk cross-site scripting, with potential vendor impact session compromise across vendor surface software deployment and vendor surface production workloads use cases.

Vulnerability distribution trend (last 24 months)

Showing 14 of 4 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2023-32966 Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab Jazz Popups leads to Stored XSS.This issue affects Jazz Popups: from n/a through 1.8.7. [email protected] 5.4 0.09% 2023-11-07 2026-04-28
CVE-2023-40199 Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab WP Like Button plugin <= 1.7.0 versions. [email protected] 5.4 0.09% 2023-10-03 2024-11-21
CVE-2023-32965 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CRUDLab Jazz Popups plugin <= 1.8.7 versions. [email protected] 7.1 0.08% 2023-07-18 2024-11-21
CVE-2019-13344 An authentication bypass vulnerability in the CRUDLab WP Like Button plugin through 1.6.0 for WordPress allows unauthenticated attackers to change settings. The contains() function in wp_like_button.php did not check if the current request is made by an authorized user, thus allowing any unauthenticated user to successfully update settings, as demonstrated by the wp-admin/admin.php?page=facebook-like-button each_page_url or code_snippet parameter. [email protected] 5.3 58.06% 2019-07-05 2024-11-21
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence