PT-2024-25121 · WordPress · Easy Custom Auto Excerpt

Name of the Vulnerable Software and Affected Versions: Easy Custom Auto Excerpt plugin for WordPress versions up to, and including, 2.4.12 Description: The issue allows unauthenticated attackers to obtain excerpts of password-protected posts, potentially exposing sensitive information...

WordPress plugin eRoom 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

Smart Recent Posts Widget <= 1.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The Smart Recent Posts Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2024-1371

The LeadConnector plugin for WordPress is vulnerable to unauthorized modification & loss of data due to a missing capability check on the lcpublicapiproxy function in all versions up to, and including, 1.7. This makes it possible for unauthenticated attackers to delete arbitrary posts...

CVE-2024-1371

The LeadConnector plugin for WordPress is vulnerable to unauthorized modification & loss of data due to a missing capability check on the lcpublicapiproxy function in all versions up to, and including, 1.7. This makes it possible for unauthenticated attackers to delete arbitrary posts...

CVE-2024-1371 LeadConnector <= 1.7 - Missing Authorization to Unauthenticated Arbitrary Post Deletion

The LeadConnector plugin for WordPress is vulnerable to unauthorized modification & loss of data due to a missing capability check on the lcpublicapiproxy function in all versions up to, and including, 1.7. This makes it possible for unauthenticated attackers to delete arbitrary posts...

CVE-2024-33643

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kailey Lampert Advanced Most Recent Posts Mod allows Stored XSS.This issue affects Advanced Most Recent Posts Mod: from n/a through 1.6.5.2...

CVE-2024-33643

CVE-2024-33643 affects the WordPress plugin Advanced Most Recent Posts Mod (vulnerable up to 1.6.5.2) with a Stored XSS due to improper input neutralization during page generation. The initial and connected docs confirm the vulnerability type and affected plugin; patch/version details beyond 1.6....

CVE-2024-33643 WordPress Advanced Most Recent Posts Mod plugin <= 1.6.5.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kailey Lampert Advanced Most Recent Posts Mod allows Stored XSS.This issue affects Advanced Most Recent Posts Mod: from n/a through 1.6.5.2...

CVE-2024-33643 WordPress Advanced Most Recent Posts Mod plugin <= 1.6.5.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kailey Lampert Advanced Most Recent Posts Mod allows Stored XSS.This issue affects Advanced Most Recent Posts Mod: from n/a through 1.6.5.2...

PT-2024-25404 · Unknown · Kailey Lampert Advanced Most Recent Posts Mod

Name of the Vulnerable Software and Affected Versions: Kailey Lampert Advanced Most Recent Posts Mod versions through 1.6.5.2 Description: The issue affects the Kailey Lampert Advanced Most Recent Posts Mod, allowing Stored XSS due to improper neutralization of input during web page generation...

CVE-2024-33692

CVE-2024-33692 is an stored XSS vulnerability in the Satrya Smart Recent Posts Widget. The issue is due to improper input neutralization during web page generation, enabling stored cross-site scripting. Affected versions are vulnerable from n/a to 1.0.3. The initial and connected documents do not...

CVE-2024-33692 WordPress Smart Recent Posts Widget plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Satrya Smart Recent Posts Widget allows Stored XSS.This issue affects Smart Recent Posts Widget: from n/a through 1.0.3...

CVE-2024-33692 WordPress Smart Recent Posts Widget plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Satrya Smart Recent Posts Widget allows Stored XSS.This issue affects Smart Recent Posts Widget: from n/a through 1.0.3...

WordPress Smart Recent Posts Widget plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin Smart Recent Posts Widget versions = 1.0.4...

WordPress Ultimate Posts Widget plugin <= 2.2.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin Ultimate Posts Widget versions = 2.2.9...

CVE-2024-3678 Blog2Social: Social Media Auto Post & Scheduler <= 7.4.2 - Information Exposure

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.4.2. This makes it possible for unauthenticated attackers to view limited information from password protected posts...

CVE-2024-3678 Blog2Social: Social Media Auto Post & Scheduler <= 7.4.2 - Information Exposure

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.4.2. This makes it possible for unauthenticated attackers to view limited information from password protected posts...

WordPress Smart Recent Posts Widget Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)

Software Smart Recent Posts Widget Type Plugin Vulnerable versions = 1.0.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33692 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 734e2b75e9d6 Credits Joshua Chan Required privilege...

WordPress Ultimate Posts Widget Plugin <= 2.2.9 is vulnerable to Broken Access Control

Software Ultimate Posts Widget Type Plugin Vulnerable versions = 2.2.9 Fixed in 2.3.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31435 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 565122e43072 Credits Dhabaleshwar Das Requir...