73 matches found
WordPress Restrict Content plugin <= 3.2.13 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure vulnerability
Unauthenticated Content Restriction Bypass to Sensitive Information Exposure vulnerability discovered by Francesco Carlucci in WordPress Plugin Restrict Content (versions <= 3.2.13)...
WordPress plugin Membership Plugin – Restrict Content information disclosure vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. An information disclosure vulnerabili...
CVE-2025-23601 WordPress Tab My Content plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in patrice Tab My Content (tab-my-content) allows Reflected XSS. This issue affects Tab My Content: from n/a through <= 1.0.0...
CVE-2025-23642 WordPress Sidebar-Content from Shortcode plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pflonk Sidebar-Content from Shortcode (sidebar-content-from-shortcode) allows DOM-Based XSS. This issue affects Sidebar-Content from Shortcode: from n/a through <= 2.0...
CVE-2025-23463 WordPress MD Custom content after or before of post plugin <= 1.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Mukesh Dak MD Custom content after or before of post (md-custom-content) allows Stored XSS. This issue affects MD Custom content after or before of post: from n/a through <= 1.0...
CVE-2024-11887 Geo Content <= 6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Geo Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'geotargetlygeocontent' shortcode in all versions up to, and including, 6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress Protect Your Content Plugin <= 1.0.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Protect Your Content; Type: Plugin; Vulnerable versions: <= 1.0.2; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-53728; Patch priority: Low; CVSS severity: Low (7.1); PSID: b6bd5726d7de; Credits: SOPROBRO; Require...
WordPress Structured Content Plugin <= 1.6.2 is vulnerable to Cross Site Scripting (XSS)
Software: Structured Content; Type: Plugin; Vulnerable versions: <= 1.6.2; Fixed in: 1.6.3; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-43307; Patch priority: Low; CVSS severity: Low (6.5); PSID: df5a04e07bd7; Credits: Michael; Required privilege...
PT-2024-36779 · WordPress · Insert/Embed Articulate Content Into Wordpress
Name of the Vulnerable Software and Affected Versions: Insert or Embed Articulate Content into WordPress plugin versions prior to 4.3000000024 Description: The issue allows authors to upload arbitrary files to the site, potentially enabling them to upload PHP shells on affected sites. This could...
PT-2024-20342 · WordPress · Website Content In Page/Post
Name of the Vulnerable Software and Affected Versions: Website Content in Page or Post WordPress plugin versions prior to 2024.04.09 Description: The issue concerns the Website Content in Page or Post WordPress plugin, which does not properly validate and escape certain shortcode attributes befor...
WordPress Advanced Floating Content Plugin <= 1.2.5 is vulnerable to Cross Site Scripting (XSS)
Software: Advanced Floating Content; Type: Plugin; Vulnerable versions: <= 1.2.5; Fixed in: 1.2.6; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-32723; Patch priority: Low; CVSS severity: Low (5.9); PSID: d833224f8b7e; Credits: Joshua Chan; Required privile...
WordPress Plugin Church Content security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. A security vulnerability exist...
WordPress Church Content plugin <= 2.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin Church Content – Sermons, Events and More (versions <= 2.6)...
WordPress Download Special Box for Content plugin <= 1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Cronus (Patchstack Alliance) in WordPress Plugin Special Box for Content (versions <= 1)...
CVE-2024-0680
The WP Private Content Plus plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 3.6. This is due to the plugin not properly restricting access to posts via the REST API when a page has been made private. This makes it possible for unauthenticated...
WordPress plugin and WordPress cross-site scripting vulnerabilities
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Structured Content Plugin <= 1.5.3 is vulnerable to Cross Site Scripting (XSS)
Software: Structured Content; Type: Plugin; Vulnerable versions: <= 1.5.3; Fixed in: 1.6; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-49820; Patch priority: Low; CVSS severity: Low (6.5); PSID: 4db95a68f57c; Credits: LVT-tholv2k; Required privilege...
CVE-2023-47668
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StellarWP Membership Plugin – Restrict Content plugin <= 3.2.7 versions...
Code injection
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StellarWP Membership Plugin – Restrict Content plugin <= 3.2.7 versions...
CVE-2023-47668
The CVE concerns the StellarWP Membership Plugin – Restrict Content, affecting versions ≤ 3.2.7. The root cause is exposure of sensitive information to an unauthorised actor via the plugin’s legacy log mechanism (noted as legacy rcp-debug.log exposure). Practical impact is unauthenticated access ...