All 7 CVE vulnerabilities found in WP To Do, with AI-generated Chinese analysis, references, and POCs.
Vendor: Delower
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-3944 | WP To Do <= 1.3.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Task Comments CWE-79 | 4.4 | Medium | 2024-08-29 |
| CVE-2024-37539 | WordPress WP To Do plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability CWE-79 | 6.5 | Medium | 2024-07-06 |
| CVE-2024-3946 | WP To Do <= 1.3.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Settings CWE-79 | 4.4 | Medium | 2024-05-30 |
| CVE-2024-3947 | WP To Do <= 1.3.0 - Cross-Site Request Forgery via wptodo_settings CWE-352 | 4.3 | Medium | 2024-05-30 |
| CVE-2024-3945 | WP To Do <= 1.3.0 - Cross-Site Request Forgery via wptodo_manage() CWE-352 | 4.3 | Medium | 2024-05-30 |
| CVE-2024-3943 | WP To Do <= 1.3.0 - Cross-Site Request Forgery via wptodo_addcomment CWE-352 | 4.3 | Medium | 2024-05-30 |
| CVE-2024-22292 | WordPress WP To Do Plugin <= 1.2.8 is vulnerable to Cross Site Scripting (XSS) CWE-79 | 6.5 | Medium | 2024-01-31 |
All 7 known CVE vulnerabilities affecting WP To Do with full Chinese analysis, references, and POCs where available.