CVE-2023-45603
CVE-2023-45603 concerns the WordPress plugin User Submitted Posts (Jeff Starr) with an Unrestricted Upload of File with Dangerous Type, enabling unauthenticated users to upload arbitrary files via the usp_attach_images path. Public sources (NVD/Wordfence, Patchstack) identify this as a high-sever...
WordPress Plugin User Submitted Posts Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in...
CVE-2023-47754
Missing Authorization vulnerability in Clever plugins Delete Duplicate Posts allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Delete Duplicate Posts: from n/a through 4.8.9...
Authorization
Missing Authorization vulnerability in Clever plugins Delete Duplicate Posts allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Delete Duplicate Posts: from n/a through 4.8.9...
CVE-2023-47754
CVE-2023-47754 is a Broken Access Control/Missing Authorization vulnerability in the WordPress plugin Delete Duplicate Posts (versions
CVE-2023-47754 WordPress Delete Duplicate Posts Plugin <= 4.8.9 is vulnerable to Broken Access Control
Missing Authorization vulnerability in Clever plugins Delete Duplicate Posts allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Delete Duplicate Posts: from n/a through 4.8.9...
CVE-2023-6077
The Slider WordPress plugin before 3.5.12 does not ensure that posts to be accessed via an AJAX action are slides and can be viewed by the user making the request, allowing any authenticated user, such as a subscriber, to access the content of arbitrary posts such as private, draft and password protect...
CVE-2023-5949
The SmartCrawl WordPress plugin before 3.8.3 does not prevent unauthorised users from accessing password-protected posts' content...
CVE-2023-6203
The Events Calendar WordPress plugin before 6.2.8.1 discloses the content of password protected posts to unauthenticated users via a crafted request...
Cross site request forgery (csrf)
The Events Calendar WordPress plugin before 6.2.8.1 discloses the content of password protected posts to unauthenticated users via a crafted request...
PT-2023-30588 · Clever · Delete Duplicate Posts
Name of the Vulnerable Software and Affected Versions: Delete Duplicate Posts versions n/a through 4.8.9 Description: The issue is related to a Missing Authorization vulnerability in Clever plugins, specifically in the Delete Duplicate Posts plugin. This vulnerability allows accessing functionali...
WordPress Plugin Delete Duplicate Posts Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
WordPress Plugin Events Calendar Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2023-32567 · WordPress · The Events Calendar
Name of the Vulnerable Software and Affected Versions: The Events Calendar WordPress plugin versions prior to 6.2.8.1 Description: The issue allows unauthenticated users to access the content of password-protected posts via a crafted request. Recommendations: For versions prior to 6.2.8.1, update...
PT-2023-32437 · WordPress · Smartcrawl
Name of the Vulnerable Software and Affected Versions: SmartCrawl WordPress plugin versions prior to 3.8.3 Description: The issue allows unauthorized users to access the content of password-protected posts. Recommendations: For versions prior to 3.8.3, update to version 3.8.3 or later to resolve...
WordPress Plugin SmartCrawl Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
CVE-2023-49182
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Fabio Marzocca List all posts by Authors, nested Categories and Titles allows Reflected XSS. This issue affects List all posts by Authors, nested Categories and Titles: from n/a through 2.7.10...
CVE-2023-49180
CVE-2023-49180 corresponds to a Stored Cross-Site Scripting in the WordPress plugin Automatic Youtube Video Posts (versions up to 5.2.2). The vulnerability affects the plugin via admin/settings context, allowing authenticated attackers with Administrator+ privileges to inject scripts. Public expl...