Skip to main content

Easy Table Of Contents

4 CVEs product

Monthly

CVE-2026-32343 MEDIUM This Month

Easy Table of Contents versions up to 2.0.80 are vulnerable to cross-site request forgery attacks that allow unauthenticated remote attackers to perform unauthorized actions on behalf of authenticated users through malicious web pages. The vulnerability requires user interaction to trigger but could result in unauthorized modifications to website content or settings. No patch is currently available for this issue.

CSRF Easy Table Of Contents
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2024-7082 MEDIUM POC This Month

The Easy Table of Contents WordPress plugin before 2.0.68 does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Easy Table Of Contents
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-6334 MEDIUM POC This Month

The Easy Table of Contents WordPress plugin before 2.0.67.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Easy Table Of Contents
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-5573 MEDIUM POC This Month

The Easy Table of Contents WordPress plugin before 2.0.66 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Easy Table Of Contents
NVD WPScan
CVSS 3.1
5.9
EPSS
0.3%
EPSS 0% CVSS 4.3
MEDIUM This Month

Easy Table of Contents versions up to 2.0.80 are vulnerable to cross-site request forgery attacks that allow unauthenticated remote attackers to perform unauthorized actions on behalf of authenticated users through malicious web pages. The vulnerability requires user interaction to trigger but could result in unauthorized modifications to website content or settings. No patch is currently available for this issue.

CSRF Easy Table Of Contents
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM POC This Month

The Easy Table of Contents WordPress plugin before 2.0.68 does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Easy Table Of Contents
NVD WPScan
EPSS 0% CVSS 6.1
MEDIUM POC This Month

The Easy Table of Contents WordPress plugin before 2.0.67.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Easy Table Of Contents
NVD WPScan
EPSS 0% CVSS 5.9
MEDIUM POC This Month

The Easy Table of Contents WordPress plugin before 2.0.66 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Easy Table Of Contents
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy