Aggregates CVE and security vulnerability intelligence across all davidjmiller-related products, including CVSS and EPSS scores and publication dates.
Disclosed issues often relate to CSRF and cross-site scripting; exposure may include session compromise in affected software deployments.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-3972 | The Similarity WordPress plugin through 3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | [email protected] | 4.3 | 0.23% | 2024-06-14 | 2024-11-21 |
| CVE-2024-3971 | The Similarity WordPress plugin through 3.0 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack | [email protected] | 4.3 | 0.20% | 2024-06-14 | 2025-03-13 |
| CVE-2023-7084 | The Voting Record WordPress plugin through 2.0 is missing sanitisation as well as escaping, which could allow any authenticated users, such as subscriber to perform Stored XSS attacks | [email protected] | 5.4 | 0.40% | 2024-01-16 | 2025-06-20 |
| CVE-2023-7083 | The Voting Record WordPress plugin through 2.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | [email protected] | 5.4 | 0.17% | 2024-01-16 | 2025-06-02 |