98 matches found

OSV
added 2023/11/22 4:15 p.m. · 2 views

CVE-2023-5815

The News & Blog Designer Pack – WordPress Blog Plugin — Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry plugin for WordPress is vulnerable to Remote Code Execution via Local File Inclusion in all versions up to, and including, 3.4.1 via the bdpgetmorepost...

9.8 CVSS · 6.2 AI score · 0.49165 EPSS
Exploits 0 · References 4

CVE
added 2023/11/22 3:33 p.m. · 150 views

CVE-2023-5815

The News & Blog Designer Pack WordPress plugin (

9.8 CVSS · 9.9 AI score · 0.49165 EPSS
In wild · Exploits 0 · References 4 · Affected Software 1

Positive Technologies
added 2023/10/27 12:0 a.m. · 3 views

PT-2023-32349 · WordPress · The News & Blog Designer Pack

Name of the Vulnerable Software and Affected Versions: The News & Blog Designer Pack – WordPress Blog Plugin versions up to, and including, 3.4.1 Description: The issue is related to Remote Code Execution via Local File Inclusion. This is due to the bdp get more post function utilizing an unsafe...

9.8 CVSS · 9.9 AI score · 0.49165 EPSS
Exploits 0 · References 11

Patchstack
added 2023/08/16 12:0 a.m. · 9 views

WordPress Blog Designer - Post and Widget Plugin <= 2.5.1 is vulnerable to Broken Access Control

Software: Blog Designer - Post and Widget; Type: Plugin; Vulnerable versions: = 2.5.1; Fixed in: 2.5.2; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-40200; Patch priority: Low; CVSS severity: Low 4.3; PSID: 364b0ab37c11; Credits: Abdi Pranata...

5.8 AI score · 0.00028 EPSS
Exploits 0 · References 2 · Affected Software 1

Patchstack
added 2023/07/18 12:0 a.m. · 7 views

WordPress Full Page Blog Designer Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)

Software: Full Page Blog Designer; Type: Plugin; Vulnerable versions: = 1.0.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: ac6f41a33fc8; Credits: Rafie Muhammad Patchstack...

6.3 AI score · 0.00209 EPSS
Exploits 0 · References 2 · Affected Software 1

OSV
added 2023/01/30 9:15 p.m. · 2 views

CVE-2022-4793

The Blog Designer WordPress plugin before 2.4.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

5.4 CVSS · 5.8 AI score · 0.00514 EPSS
Exploits 2 · References 1

Cvelist
added 2023/01/30 8:31 p.m. · 24 views

CVE-2022-4792 News & Blog Designer Pack < 3.3 - Contributor+ Stored XSS via Shortcode

The News & Blog Designer Pack WordPress plugin before 3.3 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

5.5 AI score · 0.00442 EPSS
Exploits 2 · References 1

CVE
added 2023/01/30 8:31 p.m. · 60 views

CVE-2022-4792

CVE-2022-4792 affects the WordPress plugin “News & Blog Designer Pack” (pre-3.3). The flaw is improper validation/escaping of a shortcode attribute, enabling a user with at least contributor privileges to perform a Stored XSS attack. Impact is limited to data/JS execution via the vulnerable short...

5.4 CVSS · 5.3 AI score · 0.00442 EPSS
Exploits 2 · References 1 · Affected Software 1

CVE
added 2023/01/30 8:31 p.m. · 50 views

CVE-2022-4793

CVE-2022-4793 affects the WordPress plugin Blog Designer – Post and Widget

6.8 CVSS · 5.3 AI score · 0.00514 EPSS
Exploits 2 · References 1 · Affected Software 1

Vulnrichment
added 2023/01/30 8:31 p.m. · 5 views

CVE-2022-4793 Blog Designer – Post and Widget < 2.4.1 - Contributor+ Stored XSS via Shortcode

The Blog Designer WordPress plugin before 2.4.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

5.3 AI score · 0.00514 EPSS
Exploits 2 · References 1

Cvelist
added 2023/01/30 8:31 p.m. · 12 views

CVE-2022-4793 Blog Designer – Post and Widget < 2.4.1 - Contributor+ Stored XSS via Shortcode

The Blog Designer WordPress plugin before 2.4.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

5.5 AI score · 0.00514 EPSS
Exploits 2 · References 1

CNNVD
added 2023/01/30 12:0 a.m. · 1 views

WordPress plugin News & Blog Designer Pack cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

5.4 CVSS · 5.4 AI score · 0.00442 EPSS
Exploits 2 · References 2

CNNVD
added 2023/01/30 12:0 a.m. · 1 views

WordPress plugin Blog Designer cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.8 CVSS · 5.4 AI score · 0.00514 EPSS
Exploits 2 · References 2

Patchstack
added 2023/01/04 12:0 a.m. · 6 views

WordPress Blog Designer - Post and Widget Plugin < 2.4.1 is vulnerable to Cross Site Scripting (XSS)

Software: Blog Designer - Post and Widget; Type: Plugin; Vulnerable versions: 2.4.1; Fixed in: 2.4.1; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2022-4793; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: d4fed6181a18; Credits: Istv...

6.8 CVSS · 5.7 AI score · 0.00514 EPSS
Exploits 2 · References 3 · Affected Software 1

Patchstack
added 2022/02/28 12:0 a.m. · 8 views

WordPress Full Page Blog Designer plugin <= 1.0.2 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Full Page Blog Designer plugin versions = 1.0.2. Solution No patched version available...

1.9 AI score
Exploits 0 · References 2 · Affected Software 1

Patchstack
added 2022/02/28 12:0 a.m. · 10 views

WordPress Full Page Blog Designer plugin <= 1.0.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Full Page Blog Designer plugin versions = 1.0.2. Solution No patched version available...

3.8 AI score
Exploits 0 · References 2 · Affected Software 1

Patchstack
added 2019/05/02 12:0 a.m. · 11 views

WordPress Blog Designer plugin <= 1.8.10 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting XSS vulnerability found by Luka Sikic WordPress Blog Designer plugin versions = 1.8.10. Solution Update the WordPress Blog Designer plugin to the latest available version at least 1.8.11...

1.9 AI score
Exploits 0 · References 1 · Affected Software 1

wpexploit
added 2019/05/01 12:0 a.m. · 8 views

Blog Designer <= 1.8.10 - Unauthenticated Stored Cross-Site Scripting (XSS)

The Blog Designer WordPress plugin was affected by an Unauthenticated Stored Cross-Site Scripting XSS security vulnerability. Send POST request to: /wp-admin/admin-ajax.php?action=save&updated=true With request body: customcss=confirm1...

1.2 AI score
Exploits 0 · References 1