WordPress plugin YARPP security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WordPress Marquee Elementor with Posts plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Gab Patchstack Alliance in WordPress Plugin Marquee Elementor with Posts versions <= 1.2.0...
WordPress Marquee Elementor with Posts Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS)
Software: Marquee Elementor with Posts; Type: Plugin; Vulnerable versions: <= 1.2.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51584; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 0fd32696366c; Credits: Gab; Required privilege...
CVE-2024-8713
CVE-2024-8713 affects Kodex Posts likes for WordPress (all versions up to and including 2.5.0). It is a Reflected Cross-Site Scripting vulnerability caused by using add_query_arg without proper escaping, enabling unauthenticated attackers to inject scripts if a user is tricked into performing an ...
WordPress plugin YARPP path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...
CVE-2024-4135
CVE-2024-4135 affects the WP Latest Posts WordPress plugin, vulnerable in all versions up to 5.0.7. Unauthenticated attackers can trigger arbitrary shortcodes due to unvalidated user input used by do_shortcode. CVSS v3.1 base score 5.4 (Medium). A patched version exists; remediation is to update ...
WordPress WP Latest Posts plugin <= 5.0.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability
Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability discovered by stealthcopter in WordPress Plugin WP Latest Posts versions <= 5.0.7...
CVE-2023-6731
The WP Show Posts plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 1.1.5. This makes it possible for authenticated attackers, with subscriber access and above, to view arbitrary pos...
CVE-2024-32549
CVE-2024-32549 is a CSRF-to-XSS vulnerability in the WordPress plugin “Microkid Related Posts” that can affect sites using the plugin up to version 4.0.3. The connected Red Hat entry confirms the issue as a CSRF vulnerability that enables XSS in Related Posts for WordPress. The CVSS 3.1 vector fr...
WordPress WP Show Posts plugin <= 1.1.5 - Improper Authorization to Information Exposure vulnerability
Improper Authorization to Information Exposure vulnerability discovered by Lucio Sá in WordPress Plugin WP Show Posts versions <= 1.1.5...
WordPress Related Posts for WordPress plugin <= 4.0.3 - CSRF to XSS vulnerability
CSRF to XSS vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin Related Posts for WordPress versions <= 4.0.3...
CVE-2024-0592
The Related Posts for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the handlecreatelink function. This makes it possible for unauthenticated attackers to add related...
WordPress Plugin WP Show Posts Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers. WordPress plugin is an...
WordPress plugin Yet Another Related Posts Plugin security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...
PT-2024-15681 · WordPress · Yarpp
Name of the Vulnerable Software and Affected Versions: YARPP – Yet Another Related Posts Plugin versions up to, and including, 5.30.9 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows...
CVE-2023-6994 List category posts <= 0.89.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The List category posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catlist' shortcode in all versions up to, and including, 0.89.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2023-45603 WordPress User Submitted Posts Plugin <= 20230902 is vulnerable to Arbitrary File Upload
Unrestricted Upload of File with Dangerous Type vulnerability in Jeff Starr User Submitted Posts – Enable Users to Submit Posts from the Front End. This issue affects User Submitted Posts – Enable Users to Submit Posts from the Front End: from n/a through 20230902...
CVE-2023-49180
CVE-2023-49180 corresponds to a Stored Cross-Site Scripting in the WordPress plugin Automatic Youtube Video Posts (versions up to 5.2.2). The vulnerability affects the plugin via admin/settings context, allowing authenticated attackers with Administrator+ privileges to inject scripts. Public expl...
PT-2023-31098 · WordPress · Automatic Youtube Video Posts Plugin
Name of the Vulnerable Software and Affected Versions: Automatic Youtube Video Posts Plugin versions through 5.2.2 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an...
WordPress Remove Duplicate Posts Plugin <= 1.3.5 is vulnerable to Broken Access Control
Software: Remove Duplicate Posts; Type: Plugin; Vulnerable versions: <= 1.3.5; Fixed in: 1.3.6; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-29237; Patch priority: Medium; CVSS severity: Medium 6.3; Developer: Claim ownership; PSID: 36a581916e0b; Credits: Junsu Yeo; Requir...