140 matches found
CVE-2023-49179 WordPress Event post Plugin <= 5.8.6 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in N.O.U.S. Open Useful and Simple Event post allows Stored XSS. This issue affects Event post: from n/a through 5.8.6...
Seraphinite Post .DOCX Source < 2.16.7 - Settings Update/Reset/Import via CSRF
Description: The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin perform such actions via CSRF attacks...
CVE-2023-34378
Cross-Site Request Forgery (CSRF) vulnerability in scriptburn.Com WP Hide Post plugin = 2.0.10 versions...
CVE-2023-34171 WordPress WP Report Post plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) vulnerability
A vulnerability in Alex Raven WP Report Post wp-report-post. This issue affects WP Report Post: from n/a through <= 2.1.2...
CVE-2023-45769 WordPress WP Report Post Plugin <= 2.1.2 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alex Raven WP Report Post plugin <= 2.1.2 versions...
CVE-2023-45769
CVE-2023-45769 affects WordPress WP Report Post plugin
WordPress plugin Duplicate Post Page Menu & Custom Post Type security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress Duplicate Post Page Menu & Custom Post Type Plugin <= 2.4.1 is vulnerable to Broken Access Control
Software: Duplicate Post Page Menu & Custom Post Type; Type: Plugin; Vulnerable versions: <= 2.4.1; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-36526; Patch priority: Low; CVSS severity: Low (5.4); PSID: be002a065247; Credits...
CVE-2023-2237
CVE-2023-2237 affects the WordPress plugin WP Replicate Post (WordPress plugin). The vulnerability is an SQL Injection in the post_id parameter, present in versions up to and including 4.0.2, caused by insufficient escaping of user input and inadequate preparation of the SQL query. Exploitation i...
CVE-2022-4946
The Frontend Post WordPress Plugin WordPress plugin through 2.8.4 does not validate an attribute of one of its shortcodes, which could allow users with a role as low as contributor to add a malicious shortcode to a page/post, which will redirect users to an arbitrary domain...
PT-2023-15932 · WordPress · Frontend Post Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: Frontend Post WordPress Plugin versions through 2.8.4 Description: The issue concerns a lack of validation for an attribute in one of the plugin's shortcodes. This could allow users with a role as low as contributor to add a malicious shortco...
WordPress Plugin Frontend Post input validation error vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. An input validation error...
Cross site scripting
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Themify Themify Portfolio Post plugin = 1.2.4 versions...
CVE-2022-32970
CVE-2022-32970 is a stored XSS in the Themify Portfolio Post WordPress plugin (
CVE-2023-23862
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Vertical scroll recent post plugin = 14.0 versions...
CVE-2023-23862
CVE-2023-23862 corresponds to a Stored XSS in the WordPress plugin Vertical scroll recent post (by Gopi Ramasamy), affecting versions
Duplicate Page and Post Plugin < 2.8 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Put the following payload in the "Duplicate Post Suffix" or "Duplicate Link Text" settings: "alert/XSS/...
WordPress Vertical scroll recent post plugin <= 13.8 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress Vertical scroll recent post plugin versions <= 13.8. Solution: Update the WordPress Vertical scroll recent post plugin to the latest available version (at least 14.0)...