WordPress Scrollbar Customizer Plugin <= 1.5.0 is vulnerable to Cross Site Scripting (XSS)

Software Scrollbar Customizer Type Plugin Vulnerable versions = 1.5.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 71d91cdab1e8 Credits Rafie Muhammad Patchstack...

WordPress Custom Login Page Customizer Plugin <= 2.2.2 is vulnerable to Cross Site Scripting (XSS)

Software Custom Login Page Customizer Type Plugin Vulnerable versions = 2.2.2 Fixed in 2.2.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 73bc975e043e Credits Rafie Muhammad...

WordPress Customizer custom controls with Drag and Drop builder – Customizely Plugin <= 1.1.1 is vulnerable to Cross Site Scripting (XSS)

Software Customizer custom controls with Drag and Drop builder – Customizely Type Plugin Vulnerable versions = 1.1.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID...

WordPress WordPress Form Customizer | CF7 Customizer Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS)

Software WordPress Form Customizer | CF7 Customizer Type Plugin Vulnerable versions = 1.6.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 3a6ce9d015a7 Credits Rafie...

CVE-2020-36737

The Import / Export Customizer Settings plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the astraadminerrors function. This makes it possible for unauthenticated attackers to display ...

Cross site request forgery (csrf)

The Import / Export Customizer Settings plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the astraadminerrors function. This makes it possible for unauthenticated attackers to display ...

CVE-2020-36737 Import / Export Customizer Settings <= 1.0.3 - Cross-Site Request Forgery Bypass

The Import / Export Customizer Settings plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the astraadminerrors function. This makes it possible for unauthenticated attackers to display ...

WordPress Plugin Import / Export Customizer Settings 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

CVE-2022-46810

Cross-Site Request Forgery CSRF vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales plugin = 1.0.13 versions...

CVE-2022-46810

CVE-2022-46810 concerns the VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales plugin, affected versions ≤ 1.0.13. The vulnerability is Cross-Site Request Forgery (CSRF). Details from NVD indicate a high-severity issue (CVSS v3.1: 8.8, HIGH) with impact on confidentiality,...

CVE-2022-46810 WordPress Thank You Page Customizer for WooCommerce – Increase Your Sales Plugin <= 1.0.13 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales plugin = 1.0.13 versions...

CVE-2022-46812

Cross-Site Request Forgery CSRF vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales plugin = 1.0.13 versions...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales plugin = 1.0.13 versions...

CVE-2022-46812 WordPress Thank You Page Customizer for WooCommerce – Increase Your Sales Plugin <= 1.0.13 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales plugin = 1.0.13 versions...

CVE-2022-46812

CVE-2022-46812 is a CSRF vulnerability in the VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales plugin. Affected versions are those

CVE-2022-46812 WordPress Thank You Page Customizer for WooCommerce – Increase Your Sales Plugin <= 1.0.13 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales plugin = 1.0.13 versions...

WordPress plugin Thank You Page Customizer for WooCommerce – Increase Your Sales 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Thank You Page...

WordPress plugin Thank You Page Customizer for WooCommerce – Increase Your Sales 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Thank You Page...

CVE-2023-1347

The Customizer Export/Import WordPress plugin before 0.9.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

CVE-2023-1347

The Customizer Export/Import WordPress plugin before 0.9.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...