Skip to main content

Liquid Speech Balloon

2 CVEs product

Monthly

CVE-2023-27889 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in LIQUID SPEECH BALLOON versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of a user and to perform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Liquid Speech Balloon
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2019-17070 MEDIUM This Month

The liquid-speech-balloon (aka LIQUID SPEECH BALLOON) plugin before 1.0.7 for WordPress allows XSS with Internet Explorer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Liquid Speech Balloon
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
EPSS 0% CVSS 8.8
HIGH This Week

Cross-site request forgery (CSRF) vulnerability in LIQUID SPEECH BALLOON versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of a user and to perform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Liquid Speech Balloon
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

The liquid-speech-balloon (aka LIQUID SPEECH BALLOON) plugin before 1.0.7 for WordPress allows XSS with Internet Explorer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Liquid Speech Balloon
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy