Threat-Lens CVE Hub

Products

1 vendor

Vendor	Products	CVEs	KEV	Avg EPSS	Worst Severity
danielpowney	2	6	0	23.3%	HIGH

CVE ID	Description	Severity	CVSS	KEV	EPSS	Published
CVE-2025-1033	The Badgearoo WordPress plugin through 1.0.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).	MEDIUM	4.8	—	13.8%	May 15, 2025
CVE-2024-13828	The Badgearoo WordPress plugin through 1.0.14 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.	MEDIUM	6.1	—	19.5%	May 15, 2025
CVE-2023-32125	Cross-Site Request Forgery (CSRF) vulnerability in Daniel Powney Multi Rating plugin <= 5.0.6 versions.	HIGH	8.8	—	23.2%	Nov 9, 2023
CVE-2023-32130	Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Daniel Powney Multi Rating plugin <= 5.0.6 versions.	MEDIUM	4.8	—	28.8%	Aug 18, 2023
CVE-2022-47433	Unauth. Reflected Cross-Site Scripting vulnerability in Daniel Powney Multi Rating plugin <= 5.0.5 versions.	MEDIUM	6.1	—	30.1%	Mar 29, 2023
CVE-2022-47443	Cross-Site Request Forgery (CSRF) vulnerability in Daniel Powney Multi Rating plugin <= 5.0.5 versions.	HIGH	8.8	—	24.4%	Mar 14, 2023