CVE-2023-3814 Advanced File Manager < 5.1.1 - Admin+ Arbitrary File/Folder Access

The Advanced File Manager WordPress plugin before 5.1.1 does not adequately authorize its usage on multisite installations, allowing site admin users to list and read arbitrary files and folders on the server...

CVE-2023-3814 Advanced File Manager < 5.1.1 - Admin+ Arbitrary File/Folder Access

The Advanced File Manager WordPress plugin before 5.1.1 does not adequately authorize its usage on multisite installations, allowing site admin users to list and read arbitrary files and folders on the server...

CVE-2023-3814

CVE-2023-3814 affects the WordPress Advanced File Manager plugin prior to 5.1.1. The issue is an access control flaw on multisite setups that allows site administrators to enumerate and read arbitrary files and folders on the server due to inadequate authorization checks. Affected software: Advan...

CVE-2023-4253 Chatbot < 4.7.8 - Admin+ Stored XSS in FAQ Builder

The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2023-4254 Chatbot < 4.7.8 - Admin+ Stored XSS in Language Settings

The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

WordPress plugin Advanced File Manager Access Control Error Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. An Access Control Error vulnerability previously existed...

PT-2023-26320 · WordPress · Advanced File Manager

Name of the Vulnerable Software and Affected Versions: Advanced File Manager WordPress plugin versions prior to 5.1.1 Description: The issue allows site admin users to list and read arbitrary files and folders on the server due to inadequate authorization on multisite installations...

YourMembership Single Sign On < 1.1.4 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2023-4500

The Order Tracking Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the order status parameter in versions up to, and including, 3.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers admin or higher to inject...

CVE-2023-4160

The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.90 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-leve...

PT-2023-27993 · WordPress · Woocommerce Pdf Invoice Builder

Name of the Vulnerable Software and Affected Versions: WooCommerce PDF Invoice Builder plugin for WordPress versions up to, and including, 1.2.90 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This...

CVE-2023-3501

The FormCraft WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2023-1982

The Front Editor WordPress plugin through 4.0.4 does not sanitize and escape some of its form settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

Cross site scripting

The Front Editor WordPress plugin through 4.0.4 does not sanitize and escape some of its form settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2023-1982 Front Editor <= 4.0.4 - Admin+ Stored XSS

The Front Editor WordPress plugin through 4.0.4 does not sanitize and escape some of its form settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2023-3501 FormCraft < 1.2.7 - Admin+ Stored XSS

The FormCraft WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

PT-2023-17389 · WordPress · Front Editor

Name of the Vulnerable Software and Affected Versions: The Front Editor WordPress plugin versions 4.0.4 and earlier Description: The issue allows high-privilege users to perform Stored Cross-Site Scripting attacks due to the lack of sanitization and escaping of some form settings. This can occur...

Translate WordPress with GTranslate < 3.0.4 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. This vulnerability affects multiple...

NotifyVisitors <= 1.0 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

FileOrganizer < 1.0.3 - Admin+ Arbitrary File Access

Description The plugin does not restrict functionality on multisite instances, allowing site admins to gain full control over the server. PoC On a multisite instance, log in as an admin. Click on File Organizer in the sidebar. The UI gives full control to the files on the server, despite not bein...