Squirrly Starbox
6 CVEs affecting Squirrly Starbox. Latest disclosed: 2024-09-30. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-6806 | Medium | 6.4 | 2024-02-29 | The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Job Settings user profile fields in all versions up to, and including, 3… |
CVE-2024-0256 | Medium | 6.4 | 2024-02-07 | The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Profile Display Name and Social Settings in all versions up to, and inclu… |
CVE-2024-1273 | Medium | 6.1 | 2024-03-11 | The Starbox WordPress plugin before 3.5.0 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cr… |
CVE-2024-8239 | Medium | 5.4 | 2024-09-30 | The Starbox WordPress plugin before 3.5.3 does not properly render social media profiles URLs in certain contexts, like the malicious user's profile or pages… |
CVE-2024-7955 | Medium | 4.8 | 2024-09-10 | The Starbox WordPress plugin before 3.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform S… |
CVE-2024-0366 | Medium | 4.3 | 2024-02-05 | The Starbox – the Author Box for Humans plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.7 via… |