ARI Fancy Lightbox – WordPress Popup Security Vulnerabilities

CVE-2023-51507

Missing Authorization vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through...

CVE-2023-51516

Missing Authorization vulnerability in Business Directory Team Business Directory Plugin.This issue affects Business Directory Plugin: from n/a through...

CVE-2023-51507

Missing Authorization vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through...

CVE-2023-51516

Missing Authorization vulnerability in Business Directory Team Business Directory Plugin.This issue affects Business Directory Plugin: from n/a through...

CVE-2023-51523

Missing Authorization vulnerability in WriterSystem WooCommerce Easy Duplicate Product.This issue affects WooCommerce Easy Duplicate Product: from n/a through...

CVE-2023-51523

Missing Authorization vulnerability in WriterSystem WooCommerce Easy Duplicate Product.This issue affects WooCommerce Easy Duplicate Product: from n/a through...

CVE-2023-51507 WordPress Quiz And Survey Master plugin <= 8.1.16 - Broken Access Control vulnerability

Missing Authorization vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through...

CVE-2023-51516 WordPress Business Directory Plugin – Easy Listing Directories for WordPress plugin <= 6.3.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Business Directory Team Business Directory Plugin.This issue affects Business Directory Plugin: from n/a through...

CVE-2023-51516 WordPress Business Directory Plugin – Easy Listing Directories for WordPress plugin <= 6.3.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Business Directory Team Business Directory Plugin.This issue affects Business Directory Plugin: from n/a through...

CVE-2023-51523 WordPress WooCommerce Easy Duplicate Product plugin <= 0.3.0.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in WriterSystem WooCommerce Easy Duplicate Product.This issue affects WooCommerce Easy Duplicate Product: from n/a through...

CVE-2023-51523 WordPress WooCommerce Easy Duplicate Product plugin <= 0.3.0.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in WriterSystem WooCommerce Easy Duplicate Product.This issue affects WooCommerce Easy Duplicate Product: from n/a through...

CVE-2023-37394

Missing Authorization vulnerability in Deepak anand WP Dummy Content Generator.This issue affects WP Dummy Content Generator: from n/a through...

CVE-2023-37394

Missing Authorization vulnerability in Deepak anand WP Dummy Content Generator.This issue affects WP Dummy Content Generator: from n/a through...

CVE-2023-36695

Missing Authorization vulnerability in Maxime Schoeni Sublanguage.This issue affects Sublanguage: from n/a through...

CVE-2023-36504

Missing Authorization vulnerability in BBS e-Theme BBS e-Popup.This issue affects BBS e-Popup: from n/a through...

CVE-2023-35045

Missing Authorization vulnerability in Fat Rat Fat Rat Collect.This issue affects Fat Rat Collect: from n/a through...

CVE-2023-36695

Missing Authorization vulnerability in Maxime Schoeni Sublanguage.This issue affects Sublanguage: from n/a through...

CVE-2023-36694

Missing Authorization vulnerability in Bryan Lee Kingkong Board.This issue affects Kingkong Board: from n/a through...

CVE-2023-35045

Missing Authorization vulnerability in Fat Rat Fat Rat Collect.This issue affects Fat Rat Collect: from n/a through...

CVE-2023-36504

Missing Authorization vulnerability in BBS e-Theme BBS e-Popup.This issue affects BBS e-Popup: from n/a through...

CVE-2023-36694

Missing Authorization vulnerability in Bryan Lee Kingkong Board.This issue affects Kingkong Board: from n/a through...

CVE-2023-29174

Missing Authorization vulnerability in NervyThemes SKU Label Changer For WooCommerce.This issue affects SKU Label Changer For WooCommerce: from n/a through...

CVE-2023-35040

Missing Authorization vulnerability in SendPress SendPress Newsletters.This issue affects SendPress Newsletters: from n/a through...

CVE-2023-35040

Missing Authorization vulnerability in SendPress SendPress Newsletters.This issue affects SendPress Newsletters: from n/a through...

CVE-2023-29174

Missing Authorization vulnerability in NervyThemes SKU Label Changer For WooCommerce.This issue affects SKU Label Changer For WooCommerce: from n/a through...

YITH WooCommerce Product Add-Ons < 4.9.3 - Unauthenticated Content Injection

Description The YITH WooCommerce Product Add-Ons plugin for WordPress is vulnerable to Content Injection in all versions up to, and including, 4.9.2. This is due to the plugin not properly validating a field that can be updated. This makes it possible for unauthenticated attackers to inject...

Premium Support Tickets For WHMCS 1.2.10 Cross Site Scripting

...

tagDiv Composer < 4.9 - Authenticated (Contributor+) Local File Inclusion via Shortcode

Description The tagDiv Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8 via the 'td_block_title' shortcode 'block_template_id' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions,...

Newspaper < 12.6.6 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Meta

Description The Newspaper theme for WordPress is vulnerable to Stored Cross-Site Scripting via attachment meta in the archive page in all versions up to, and including, 12.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

tagDiv Composer < 4.9 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Meta

Description The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'single' module in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS) (Authenticated)

...

CVE-2023-29174 WordPress SKU Label Changer For WooCommerce plugin <= 3.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in NervyThemes SKU Label Changer For WooCommerce.This issue affects SKU Label Changer For WooCommerce: from n/a through...

CVE-2023-29174 WordPress SKU Label Changer For WooCommerce plugin <= 3.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in NervyThemes SKU Label Changer For WooCommerce.This issue affects SKU Label Changer For WooCommerce: from n/a through...

CVE-2023-35040 WordPress SendPress Newsletters plugin <= 1.23.11.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in SendPress SendPress Newsletters.This issue affects SendPress Newsletters: from n/a through...

CVE-2023-35045 WordPress Fat Rat Collect plugin <= 2.6.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Fat Rat Fat Rat Collect.This issue affects Fat Rat Collect: from n/a through...

CVE-2023-35045 WordPress Fat Rat Collect plugin <= 2.6.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Fat Rat Fat Rat Collect.This issue affects Fat Rat Collect: from n/a through...

CVE-2023-36504 WordPress BBS e-Popup plugin <= 2.4.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in BBS e-Theme BBS e-Popup.This issue affects BBS e-Popup: from n/a through...

CVE-2023-36694 WordPress Kingkong Board plugin <= 2.1.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Bryan Lee Kingkong Board.This issue affects Kingkong Board: from n/a through...

CVE-2023-36695 WordPress Sublanguage plugin <= 2.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Maxime Schoeni Sublanguage.This issue affects Sublanguage: from n/a through...

CVE-2023-36695 WordPress Sublanguage plugin <= 2.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Maxime Schoeni Sublanguage.This issue affects Sublanguage: from n/a through...

CVE-2023-37394 WordPress WP Dummy Content Generator plugin <= 2.3.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Deepak anand WP Dummy Content Generator.This issue affects WP Dummy Content Generator: from n/a through...

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 3, 2024 to June 9, 2024)

_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

CVE-2024-37308

The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the _recipe_settings[post_title] parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers.....

CVE-2024-37308

The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the _recipe_settings[post_title] parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers.....

CVE-2024-37308

The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the _recipe_settings[post_title] parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers.....

CVE-2024-37308 WordPress Cooked Plugin - Authenticated (Contributor+) Persistent Cross-Site Scripting Vulnerability

The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the _recipe_settings[post_title] parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers.....

CVE-2024-37308 WordPress Cooked Plugin - Authenticated (Contributor+) Persistent Cross-Site Scripting Vulnerability

The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the _recipe_settings[post_title] parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers.....

CVE-2024-4371

The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.1 via deserialization of untrusted input from the recently_viewed_products cookie. This makes it.....

CVE-2024-4371

The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.1 via deserialization of untrusted input from the recently_viewed_products cookie. This makes it.....

CVE-2024-3073

The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible....