CVE-2023-52130 WordPress Affiliates Manager Plugin <= 2.9.31 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager.This issue affects Affiliates Manager: from n/a through 2.9.31...

CVE-2023-6421 Download Manager < 3.2.83 - Unauthenticated Protected File Download Password Leak

The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords, leaking it upon receiving an invalid one...

PT-2024-14953 · WordPress · Download Manager

Name of the Vulnerable Software and Affected Versions: Download Manager WordPress plugin versions prior to 3.2.83 Description: The issue concerns the Download Manager WordPress plugin, which does not protect file download passwords. When an invalid password is received, the password is leaked...

CVE-2022-47599

Deserialization of Untrusted Data vulnerability in File Manager by Bit Form Team File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager.This issue affects File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager: from n/a...

PT-2023-15422 · WordPress · File Manager

Name of the Vulnerable Software and Affected Versions: File Manager – 100% Free & Open Source File Manager Plugin for WordPress versions n/a through 5.2.7 Description: The issue is related to Deserialization of Untrusted Data, which affects the File Manager plugin for WordPress. Recommendations:...

CVE-2023-49860 WordPress WP Project Manager Plugin <= 2.6.7 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in weDevs WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts allows Stored XSS.This issue affects WP Project Manager – Task, team, and project...

CVE-2023-47659

CVE-2023-47659 is a stored XSS vulnerability in the Lava Directory Manager WordPress plugin by Lavacode, affecting versions up to 1.1.34. The vulnerability is exploitable by an authenticated contributor (per Patchstack) and remains unpatched in the public release history. Multiple sources corrobo...

CVE-2023-34002 WordPress WP Inventory Manager plugin <= 2.1.0.13 - Cross Site Request Forgery (CSRF) vulnerability

A vulnerability in mylacventures WP Inventory Manager wp-inventory-manager.This issue affects WP Inventory Manager: from n/a through = 2.1.0.13...

CVE-2023-47182

Cross-Site Request Forgery CSRF leading to a Stored Cross-Site Scripting XSS vulnerability in Nazmul Hossain Nihal Login Screen Manager plugin = 3.5.2 versions...

CVE-2023-47182

CVE-2023-47182 affects the WordPress plugin “Nazmul Hossain Nihal Login Screen Manager” ≤ 3.5.2. The root issue is a CSRF vulnerability that enables a Stored XSS payload when a logged-in admin is targeted, due to missing CSRF checks and insufficient sanitisation/escaping in some code paths. Repor...

The vulnerability of the Jenkins VMware Lab Manager Slaves Plugin involves disabling the global use of SSL/TLS protocols and verifying the authenticity of the host name for the virtual machine (JVM). This allows an attacker to execute a “man-in-the-middle” attack.

The vulnerability of the Jenkins VMware Lab Manager Slaves Plugin relates to the disabling of global use of SSL/TLS protocols and identity verification for virtual machine JVM hosts. Exploiting this vulnerability allows a malicious actor to carry out a “man-in-the-middle” attack...

CVE-2023-5426 Post Meta Data Manager <=1.2.0 - Missing Authorization to User, Term, and Post Meta Deletion

The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdmwpdeleteusermeta, pmdmwpdeletetermmeta, and pmdmwpajaxdeletemeta functions in versions up to, and including, 1.2.0. This makes it possible for...

CVE-2023-46152

Cross-Site Request Forgery CSRF vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin = 1.0.7.1 versions...

PT-2023-29672 · Spider Teams · Spider Teams Applyonline

Name of the Vulnerable Software and Affected Versions: Spider Teams ApplyOnline – Application Form Builder and Manager plugin versions = 2.5.2 Description: The issue is related to an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This type of vulnerability allows an attacker to inject...

WP Simple Table Manager Plugin <= 1.5.6 - Admin+ Stored Cross-Site Scripting

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Click Simple Table Manager then...

CVE-2023-39989

Cross-Site Request Forgery CSRF vulnerability in 99robots Header Footer Code Manager plugin = 1.1.34 versions...

CVE-2023-1977

The Booking Manager WordPress plugin before 2.0.29 does not validate URLs input in it's admin panel or in shortcodes for showing events from a remote .ics file, allowing an attacker with privileges as low as Subscriber to perform SSRF attacks on the sites internal network...

CVE-2023-36530

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Smartypants SP Project & Document Manager plugin = 4.67 versions...

CVE-2023-36530

CVE-2023-36530 is a Stored XSS affecting the WordPress plugin SP Project & Document Manager (versions

WordPress Plugin Custom Field For WP Job Manager 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...