
583 matches found

CVE
added 2023/04/06 5:17 a.m. | 45 views

CVE-2023-23979

The CVE-2023-23979 entry concerns the WordPress Quick Event Manager plugin (Fullworks) with an unauthenticated Stored Cross-Site Scripting (XSS) vulnerability affecting versions prior to 9.7.5. The issue is tied to improper handling of input (e.g., the "yourname" parameter) leading to XSS. No exp...

CVSS 7.1 | AI score 5.8 | EPSS 0.00406
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2023/03/14 7:11 a.m. | 9 views

CVE-2022-47154 WordPress CSS JS Manager Plugin <= 2.4.49 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Pi Websolution CSS JS Manager, Async JavaScript, Defer Render Blocking CSS supports WooCommerce plugin <= 2.4.49 versions...

CVSS 4.3 | AI score 8.8 | EPSS 0.0026
Exploits: 0 | References: 1

OpenVAS
added 2023/03/08 12:0 a.m. | 18 views

Debian: Security Advisory (DSA-1976-1)

The remote host is missing an update for the Debian...

CVSS 7.5 | AI score 6.6 | EPSS 0.10527
Exploits: 0 | References: 3

Vulnrichment
added 2023/02/06 7:59 p.m. | 11 views

CVE-2023-0144 Event Manager and Tickets Selling Plugin for WooCommerce < 3.8.0 - Contributor+ Stored XSS

The Event Manager and Tickets Selling Plugin for WooCommerce WordPress plugin before 3.8.0 does not validate and escape some of its post meta before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

AI score 6 | EPSS 0.00477
Exploits: 2 | References: 1

OSV
added 2023/01/26 9:15 p.m. | 2 views

CVE-2022-26329

File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows attacker to determine whether a file exists on the filesystem. This issue affects: Micro Focus NetIQ Identity Manager NetIQ Identity Manager versions prior to 4.8.5 on ALL...

CVSS 5.3 | AI score 5.8 | EPSS 0.00462
Exploits: 0 | References: 1

Prion
added 2023/01/26 9:15 p.m. | 12 views

Privilege escalation

File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows attacker to determine whether a file exists on the filesystem. This issue affects: Micro Focus NetIQ Identity Manager NetIQ Identity Manager versions prior to 4.8.5 on ALL...

CVSS 5 | AI score 5.1 | EPSS 0.00462
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2023/01/20 12:0 a.m. | 16 views

WordPress Quick Event Manager Plugin <= 9.7.4 is vulnerable to Cross Site Scripting (XSS)

Software: Quick Event Manager; Type: Plugin; Vulnerable versions: <= 9.7.4; Fixed in: 9.7.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-23979; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Fullworks Plugins; PSID: c7609f23707d; Credits: yuyudhn...

CVSS 7.1 | AI score 5.9 | EPSS 0.00406
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2023/01/16 4:15 p.m. | 17 views

Cross site scripting

The Download Manager WordPress plugin before 3.2.62 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins...

CVSS 4.9 | AI score 5.4 | EPSS 0.00575
Exploits: 2 | References: 1 | Affected Software: 1

NVD
added 2022/12/27 10:15 a.m. | 28 views

CVE-2022-4755

A vulnerability was found in FlatPress and classified as problematic. This issue affects the function main of the file fp-plugins/mediamanager/panels/panel.mediamanager.file.php of the component Media Manager Plugin. The manipulation of the argument mm-newgallery-name leads to cross site scriptin...

CVSS 6.1 | EPSS 0.00518
Exploits: 0 | References: 4

OSV
added 2022/12/27 10:15 a.m. | 15 views

CVE-2022-4755

A vulnerability was found in FlatPress and classified as problematic. This issue affects the function main of the file fp-plugins/mediamanager/panels/panel.mediamanager.file.php of the component Media Manager Plugin. The manipulation of the argument mm-newgallery-name leads to cross site scriptin...

CVSS 6.1 | AI score 6.2
Exploits: 0 | References: 4

Prion
added 2022/12/27 10:15 a.m. | 19 views

Cross site scripting

A vulnerability was found in FlatPress and classified as problematic. This issue affects the function main of the file fp-plugins/mediamanager/panels/panel.mediamanager.file.php of the component Media Manager Plugin. The manipulation of the argument mm-newgallery-name leads to cross site scriptin...

CVSS 5.8 | AI score 6.1 | EPSS 0.00518
Exploits: 0 | References: 4

Cvelist
added 2022/12/27 9:39 a.m. | 27 views

CVE-2022-4755 FlatPress Media Manager Plugin panel.mediamanager.file.php main cross site scripting

A vulnerability was found in FlatPress and classified as problematic. This issue affects the function main of the file fp-plugins/mediamanager/panels/panel.mediamanager.file.php of the component Media Manager Plugin. The manipulation of the argument mm-newgallery-name leads to cross site scriptin...

CVSS 3.5 | AI score 6.5 | EPSS 0.00518
Exploits: 0 | References: 4

CVE
added 2022/12/27 9:39 a.m. | 53 views

CVE-2022-4755

FlatPress vulnerability CVE-2022-4755 affects the Mediamanager plugin’s panel.mediamanager.file.php main function. The issue arises from unvalidated handling of the mm-newgallery-name argument, enabling cross-site scripting. Exploitation may be remote; patch d3f329496536dc99f9707f2f295d571d65a496...

CVSS 6.1 | AI score 4.8 | EPSS 0.00518
Exploits: 0 | References: 4 | Affected Software: 1

CNNVD
added 2022/12/27 12:0 a.m. | 4 views

FlatPress Cross-Site Scripting Vulnerability

FlatPress is a Php-based blog builder without database support from the FlatPress community. FlatPress has a cross-site scripting vulnerability, the vulnerability stems from a problem with the function main in the fp-plugins/mediamanager/panels/panel.mediamanager.file.php file of the component...

CVSS 6.1 | AI score 4.8 | EPSS 0.00518
Exploits: 0 | References: 5

Vulnrichment
added 2022/12/19 1:41 p.m. | 6 views

CVE-2022-4124 Popup Manager <= 1.6.6 - Unauthenticated Arbitrary Popup Deletion

The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete them...

AI score 4.7 | EPSS 0.00274
Exploits: 2 | References: 1

OpenVAS
added 2022/12/19 12:0 a.m. | 19 views

FlatPress < 1.3 Multiple Vulnerabilities

FlatPress is prone to multiple vulnerabilities.

CVSS 9.8 | AI score 6.2 | EPSS 0.35435
Exploits: 2 | References: 7

NVD
added 2022/11/30 1:15 p.m. | 13 views

CVE-2022-26366

Cross-Site Request Forgery CSRF in AdRotate Banner Manager Plugin = 5.9 on WordPress...

CVSS 8.8 | EPSS 0.00264
Exploits: 0 | References: 1

OSV
added 2022/11/10 10:15 p.m. | 4 views

CVE-2022-42460

Broken Access Control vulnerability leading to Stored Cross-Site Scripting (XSS) in Traffic Manager plugin <= 1.4.5 on WordPress...

CVSS 5.4 | AI score 5.8 | EPSS 0.00403
Exploits: 0 | References: 2

Prion
added 2022/11/10 10:15 p.m. | 9 views

Cross site scripting

Broken Access Control vulnerability leading to Stored Cross-Site Scripting (XSS) in Traffic Manager plugin <= 1.4.5 on WordPress...

CVSS 4.9 | AI score 5.2 | EPSS 0.00403
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2022/11/10 9:36 p.m. | 54 views

CVE-2022-42460

CVE-2022-42460 affects the WordPress Traffic Manager plugin up to version 1.4.5, with a Broken Access Control flaw that enables Stored Cross-Site Scripting (XSS). The root cause is insufficient access controls on the plugin, allowing stored payloads that can be executed in users with a range of p...

CVSS 6.5 | AI score 5.3 | EPSS 0.00403
Exploits: 0 | References: 2 | Affected Software: 1