6 matches found
WordPress Modal Window plugin <= 6.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via iframeBox Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via iframeBox Shortcode vulnerability discovered by Bassem Essam in WordPress Plugin Modal Window versions <= 6.1.5...
WordPress BP Better Messages plugin <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by Bassem Essam in WordPress Plugin BP Better Messages versions <= 2.6.9...
WordPress Nested Pages plugin <= 3.2.7 - Cross-Site Request Forgery to Local File Inclusion vulnerability
Cross-Site Request Forgery to Local File Inclusion vulnerability discovered by Bassem Essam in WordPress Plugin Nested Pages versions <= 3.2.7...
WordPress Nested Pages Plugin <= 3.2.7 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Nested Pages; Type: Plugin; Vulnerable versions: <= 3.2.7; Fixed in: 3.2.8; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-5943; Patch priority: Low; CVSS severity: Low 8.3; PSID: ec525e948d0f; Credits: Bassem Essam; Required...
$563 Bounty Awarded for Reflected Cross-Site Scripting Vulnerability Patched in Yoast SEO WordPress Plugin
🎉 Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On April 22nd, 2024, during our second Bug Bounty Extravaganza, w...
WordPress WP ULike plugin <= 4.6.9 - Authenticated (Contributor+) SQL Injection via Shortcodes vulnerability
Authenticated (Contributor+) SQL Injection via Shortcodes vulnerability discovered by Bassem Essam in WordPress Plugin WP ULike versions <= 4.6.9...