CVE-2024-1376

CVE-2024-1376 affects the WordPress plugin Event post by WordPress.org, where a missing capability check in the save_bulkdatas function allowed authenticated users with subscriber-level access or higher to bulk-update post_meta_data in all versions up to and including 5.9.4. The Red Hat and Wordf...

WordPress plugin Event post 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

PT-2024-17988 · WordPress · Event Post Plugin

Name of the Vulnerable Software and Affected Versions: Event post plugin for WordPress versions up to, and including, 5.9.4 Description: The issue allows authenticated attackers with subscriber access or higher to update post meta data due to a missing capability check on the save bulkdatas...

PT-2024-25550 · Webtechideas · Wti Like Post

Name of the Vulnerable Software and Affected Versions: webtechideas WTI Like Post versions 1.4.6 and earlier Description: The issue is related to an Authentication Bypass by Spoofing, allowing functionality bypass in the webtechideas WTI Like Post plugin. Recommendations: For versions 1.4.6 and...

WordPress Duplicate Post plugin <= 1.4.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin Duplicate Post versions = 1.4.4...

CVE-2024-31085

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rob Marsh, SJ Post-Plugin Library allows Reflected XSS.This issue affects Post-Plugin Library: from n/a through 2.6.2.1...

CVE-2024-31085 WordPress Post-Plugin Library plugin <= 2.6.2.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rob Marsh, SJ Post-Plugin Library allows Reflected XSS.This issue affects Post-Plugin Library: from n/a through 2.6.2.1...

CVE-2024-31085

CVE-2024-31085 is a Reflected XSS in the WordPress plugin Post-Plugin Library (aka Rob Marsh, SJ Post-Plugin Library). The vulnerability stems from improper neutralization of user input during web page generation, enabling an attacker-controlled payload to be reflected in responses. Affected vers...

CVE-2024-31085 WordPress Post-Plugin Library plugin <= 2.6.2.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rob Marsh, SJ Post-Plugin Library allows Reflected XSS.This issue affects Post-Plugin Library: from n/a through 2.6.2.1...

WordPress Plugin Post-Plugin Library 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

PT-2024-23753 · Unknown · Post-Plugin Library

Name of the Vulnerable Software and Affected Versions: Post-Plugin Library versions 2.6.2.1 and earlier Description: The issue is related to improper neutralization of input during web page generation, which can lead to Cross-site Scripting XSS, specifically Reflected XSS. Recommendations: For...

WordPress Post-Plugin Library plugin <= 2.6.2.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin Post-Plugin Library versions = 2.6.2.1...

WordPress Post-Plugin Library Plugin <= 2.6.2.1 is vulnerable to Cross Site Scripting (XSS)

Software Post-Plugin Library Type Plugin Vulnerable versions = 2.6.2.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-31085 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c8fe5a2f8b83 Credits Dimas Maulana Required...

CVE-2023-51666 WordPress Related Post Plugin <= 2.0.53 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PickPlugins Related Post allows Stored XSS.This issue affects Related Post: from n/a through 2.0.53...

CVE-2023-51666 WordPress Related Post Plugin <= 2.0.53 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PickPlugins Related Post allows Stored XSS.This issue affects Related Post: from n/a through 2.0.53...

WordPress plugin Related Post Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

WordPress plugin Simple Post security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin...

WordPress Related Post Plugin <= 2.0.53 is vulnerable to Cross Site Scripting (XSS)

Software Related Post Type Plugin Vulnerable versions = 2.0.53 Fixed in 2.0.54 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-51666 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3b0bef244c2c Credits Khalid Yusuf Required privilege...

CVE-2023-34168 WordPress WP Report Post Plugin <= 2.1.2 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Alex Raven WP Report Post allows SQL Injection.This issue affects WP Report Post: from n/a through 2.1.2...

CVE-2023-34168 WordPress WP Report Post Plugin <= 2.1.2 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Alex Raven WP Report Post allows SQL Injection.This issue affects WP Report Post: from n/a through 2.1.2...