WordPress plugin Social Icons Widget & Block by WPZOOM Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress Social Icons Widget & Block plugin < 4.2.18 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Social Icons Widget & Block by WPZOOM versions 4.2.18...
PDF Block <= 1.1.0 - Contributor+ Stored XSS
Description: The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-45646
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Henryholtgeerts PDF Block plugin <= 1.1.0 versions...
Cross site scripting
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Henryholtgeerts PDF Block plugin <= 1.1.0 versions...
CVE-2023-45646 WordPress PDF Block Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Henryholtgeerts PDF Block plugin <= 1.1.0 versions...
WordPress PDF Block Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)
Software: PDF Block; Type: Plugin; Vulnerable versions: <= 1.1.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-45646; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: db7b4dd9bebf; Credits: Mika; Required privilege...
CVE-2023-44261
Cross-Site Request Forgery (CSRF) vulnerability in Dinesh Karki Block Plugin Update plugin <= 3.3 versions...
CVE-2023-44261 WordPress Block Plugin Update Plugin <= 3.3 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Dinesh Karki Block Plugin Update plugin <= 3.3 versions...
CVE-2023-44261
CVE-2023-44261 is a CSRF vulnerability in WordPress Block Plugin Update (
WordPress Plugin Block Plugin Update Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
Apache APISIX < 2.10.2 Security Bypass
The version of Apache APISIX installed on the remote host is prior to 2.10.2. It is, therefore, potentially affected by a security bypass vulnerability. The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri without verification. The $request_uri is the full original request URI...
WordPress Block Plugin Update Plugin <= 3.3.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Block Plugin Update; Type: Plugin; Vulnerable versions: <= 3.3.1; Fixed in: 3.3.2; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-44261; Patch priority: Low; CVSS severity: Low (4.3); Developer: Claim ownership; PSID: f0f21aec1564; Credits: Abdi Pranata...
GHSA-7CH3-7PP7-7CPQ Datasette 1.0 alpha series leaks names of databases and tables to unauthenticated users
Impact: This bug affects Datasette instances running a Datasette 1.0 alpha (1.0a0, 1.0a1, 1.0a2 or 1.0a3) in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The /-/api API explorer endpoint could reveal the names of both databases an...
PT-2023-22813 · WordPress · Form Block
Name of the Vulnerable Software and Affected Versions: Form block versions prior to 1.0.2. Description: The Form block WordPress plugin is subject to a Cross-Site Request Forgery (CSRF) due to a missing nonce check. This allows requests to be sent to forms from any website without the user's...
WordPress plugin Form block Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists i...
PT-2022-25537 · WordPress · Ip Location Block Plugin
Name of the Vulnerable Software and Affected Versions: IP Location Block Plugin (affected versions not specified). Description: A vulnerability was found in the IP Location Block Plugin, affecting an unknown functionality of the component HTTP Header Handler. The manipulation of the X-Forwarded-For...
DRUPAL-CONTRIB-2022-044
Entity Browser Block provides a Block Plugin for every Entity Browser on your site. The module didn't sufficiently check entity view access in the block form. This vulnerability is mitigated by the fact that an attacker must be able to place a block - either through the core "Block Layout" page o...
Entity Browser Block - Moderately critical - Access bypass - SA-CONTRIB-2022-044
Entity Browser Block provides a Block Plugin for every Entity Browser on your site. The module didn't sufficiently check entity view access in the block form. This vulnerability is mitigated by the fact that an attacker must be able to place a block - either through the core "Block Layout" page o...