WordPress Plugin Ultimate Posts Widget Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

Ultimate Posts Widget < 2.3.1 - Admin+ Stored XSS

Description The plugin does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

Ultimate Posts Widget < 2.3.1 - Admin+ Stored XSS

Description The plugin does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

CVE-2023-52133

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WhileTrue Most And Least Read Posts Widget.This issue affects Most And Least Read Posts Widget: from n/a through 2.5.16...

CVE-2023-52133

CVE-2023-52133 affects the Most And Least Read Posts Widget plugin (WordPress). The vulnerability is an SQL Injection in widget settings that can be exploited by an authenticated user with Contributor+ privileges. Affected range is from n/a through version 2.5.16; the entry notes the issue was pa...

CVE-2015-10124

CVE-2015-10124 affects the WordPress plugin Most Popular Posts Widget Plugin (versions up to 0.8). The vulnerability resides in the functions.php, in add_views/show_views, enabling SQL injection that can be exploited remotely. Upgrading to version 0.9 addresses the issue (patch: a99667d11ac8d3200...

WordPress Plugin Most Popular Posts Widget SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin Most Popular Posts Widget...

WordPress Ultimate Posts Widget Plugin <= 2.2.4 is vulnerable to Broken Access Control

Software Ultimate Posts Widget Type Plugin Vulnerable versions = 2.2.4 Fixed in 2.2.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0958 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 65c113fe970b Credits WordFence Required...

WordPress Ultimate Posts Widget Plugin <= 2.2.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Ultimate Posts Widget Type Plugin Vulnerable versions = 2.2.4 Fixed in 2.2.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-3977 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ecda45839866 Credits WordFence...

Recent Posts Widget Extended <= 0.9.9.3 - Authenticated XSS (multisite)

XSS in the Recent Posts Widget Extended plugin allows single site admins to change network admin's password with simple CSRF described above POC field. This vulnerability is currently unpatched. PoC 1. Login as single site administrator 2. Add Recent Posts Extended Widget to some widget area 3...