6276 matches found
CVE-2024-53780
Cross-Site Request Forgery (CSRF) vulnerability in rajeevglocify Load More Posts load-more-posts allows Stored XSS. This issue affects Load More Posts: from n/a through <= 1.5.0...
CVE-2024-53730
Cross-Site Request Forgery (CSRF) vulnerability in springthistle April's Call Posts aprils-call-posts allows Stored XSS. This issue affects April's Call Posts: from n/a through <= 2.1.1...
CVE-2024-53780 WordPress Load More Posts plugin <= 1.5.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in rajeevglocify Load More Posts load-more-posts allows Stored XSS. This issue affects Load More Posts: from n/a through <= 1.5.0...
CVE-2024-53780
CVE-2024-53780 describes a Cross-Site Request Forgery that enables Stored XSS in the WordPress Load More Posts plugin, affecting versions up to 1.4.0 (per the CVE entry). The available connected sources corroborate the CSRF-to-Stored-XSS issue and indicate a later fix in version 1.5.0 or newer (P...
CVE-2024-53730 WordPress April's Call Posts plugin <= 2.1.1 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Aaron Hodge Silver April's Call Posts allows Stored XSS. This issue affects April's Call Posts: from n/a through 2.1.1...
CVE-2024-53730 WordPress April's Call Posts plugin <= 2.1.1 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in springthistle April's Call Posts aprils-call-posts allows Stored XSS. This issue affects April's Call Posts: from n/a through <= 2.1.1...
CVE-2024-53730
CVE-2024-53730 is a CSRF-to-Stored XSS vulnerability in the WordPress plugin “April’s Call Posts” (versions
WordPress plugin Aprils Call Posts Cross-Site Request Forgery Vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerabilit...
PT-2024-35893 · Unknown · Load More Posts
Name of the Vulnerable Software and Affected Versions: Load More Posts versions 1.4.0 and earlier. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...
WordPress Load More Posts plugin <= 1.5.0 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin Load More Posts (versions <= 1.5.0)...
CVE-2024-10780
The Restaurant & Cafe Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.5.9 via the 'narestaurantelementortemplate' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for...
CVE-2024-10798
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1003 via the 'wpr-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers,...
CVE-2024-10670
The Primary Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.6.2 via the primelementortemplate shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with...
CVE-2024-10798 Royal Elementor Addons and Templates <= 1.7.1003 - Authenticated (Contributor+) Post Disclosure
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1003 via the 'wpr-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers,...
PT-2024-16557 · WordPress · The Royal Elementor Addons/Templates
Name of the Vulnerable Software and Affected Versions: The Royal Elementor Addons and Templates plugin for WordPress versions up to, and including, 1.7.1003. Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from private or draft posts...
PT-2024-16447 · WordPress · Primary Addon For Elementor
Name of the Vulnerable Software and Affected Versions: The Primary Addon for Elementor plugin for WordPress versions up to, and including, 1.6.2. Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from private or draft posts created with...
CVE-2024-11083
The ProfilePress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.15.18 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to...
CVE-2024-5921
creationtimestamp | type | source
---|---|---
2024-11-26 01:45:00+00:00 | seen | https://security.paloaltonetworks.com/CVE-2024-5921
2024-11-26 04:36:37+00:00 | seen | https://infosec.exchange/users/screaminggoat/statuses/113547398128287677
2024-11-26 08:52:04+00:00 | seen | ...
WordPress April's Call Posts plugin <= 2.1.1 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin April's Call Posts (versions <= 2.1.1)...