6244 matches found

Positive Technologies
added 2023/12/15 12:0 a.m. · 6 views

PT-2023-31100 · Unknown · Fabio Marzocca List All Posts By Authors

Name of the Vulnerable Software and Affected Versions: Fabio Marzocca List all posts by Authors, nested Categories and Titles versions 2.7.10 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allo...

7.1 CVSS · 6.3 AI score · 0.00407 EPSS
Exploits: 0 · References: 5

CNNVD
added 2023/12/15 12:0 a.m. · 3 views

WordPress Plugin List all posts by Authors, nested Categories and Titles Cross-site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. WordPress Plugin List all posts by Authors, nested...

7.1 CVSS · 6.1 AI score · 0.00407 EPSS
Exploits: 0 · References: 2

CNNVD
added 2023/12/15 12:0 a.m. · 3 views

WordPress Plugin Automatic Youtube Video Posts Plugin Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...

5.9 CVSS · 6 AI score · 0.00386 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2023/12/15 12:0 a.m. · 6 views

PT-2023-31098 · WordPress · Automatic Youtube Video Posts Plugin

Name of the Vulnerable Software and Affected Versions: Automatic Youtube Video Posts Plugin versions through 5.2.2 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an...

5.9 CVSS · 5.7 AI score · 0.00386 EPSS
Exploits: 0 · References: 5

Circl
added 2023/12/11 7:54 a.m. · 14 views

CVE-2023-1234

creationtimestamp | type | source
---|---|---
2023-12-11 07:54:33+00:00 | seen | https://t.me/arpsyndicate/1717
2025-01-31 17:51:19+00:00 | seen | https://gist.github.com/CarterOgunsola/8ef626effb6fa27887c6b571b9a0962e
2025-03-10 09:50:51+00:00 | seen | ...

4.3 CVSS · 6.2 AI score · 0.00707 EPSS
Exploits: 7 · References: 37

WPVulnDB
added 2023/12/08 12:0 a.m. · 16 views

Yet Another Stars Rating < 3.4.4 - Missing Authorization via init

Description: The Yet Another Stars Rating plugin for WordPress is vulnerable to unauthorized modification of data due to a missing check on the init function in versions up to, and including, 3.4.3. This makes it possible for unauthenticated attackers to vote on private or nonexistent posts...

7 AI score · 0.00422 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

wpexploit
added 2023/12/06 12:0 a.m. · 147 views

Royal Elementor Addons and Templates < 1.3.81 - Unauthenticated Arbitrary Post Read

Description: The plugin does not ensure that users accessing posts via an AJAX action and REST endpoint, currently disabled in the plugin have the right to do so, allowing unauthenticated users to access arbitrary draft, private and password protected posts/pages content WooCommerce needs to be...

7.5 CVSS · 7.1 AI score · 0.0071 EPSS
Exploits: 2

OSV
added 2023/11/30 3:15 p.m. · 4 views

CVE-2023-41735

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gopi Ramasamy Email posts to subscribers. This issue affects Email posts to subscribers: from n/a through 6.2...

7.5 CVSS · 5.8 AI score · 0.00552 EPSS
Exploits: 0 · References: 1

NVD
added 2023/11/30 3:15 p.m. · 23 views

CVE-2023-41735

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gopi Ramasamy Email posts to subscribers. This issue affects Email posts to subscribers: from n/a through 6.2...

7.5 CVSS · 0.00552 EPSS
Exploits: 0 · References: 1

OSV
added 2023/11/30 3:15 p.m. · 4 views

CVE-2023-45066

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Smackcoders Export All Posts, Products, Orders, Refunds & Users. This issue affects Export All Posts, Products, Orders, Refunds & Users: from n/a through 2.4.1...

7.5 CVSS · 5.8 AI score · 0.00531 EPSS
Exploits: 0 · References: 1

Prion
added 2023/11/30 3:15 p.m. · 24 views

Code injection

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gopi Ramasamy Email posts to subscribers. This issue affects Email posts to subscribers: from n/a through 6.2...

5 CVSS · 7.1 AI score · 0.00552 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2023/11/30 2:54 p.m. · 29 views

CVE-2023-41735 WordPress Email posts to subscribers Plugin <= 6.2 is vulnerable to Sensitive Data Exposure

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gopi Ramasamy Email posts to subscribers. This issue affects Email posts to subscribers: from n/a through 6.2...

5.3 CVSS · 7.7 AI score · 0.00552 EPSS
Exploits: 0 · References: 1

CVE
added 2023/11/30 2:54 p.m. · 35 views

CVE-2023-41735

The CVE CVE-2023-41735 applies to the WordPress plugin Email posts to subscribers, affected up to version 6.2. The issue is an information-disclosure vulnerability caused by missing authorization checks, allowing unauthenticated actors to access subscriber email data. Multiple connected sources c...

7.5 CVSS · 7.8 AI score · 0.00552 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2023/11/30 2:43 p.m. · 15 views

CVE-2023-45066 WordPress WP Ultimate Exporter Plugin <= 2.4.1 is vulnerable to Sensitive Data Exposure

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Smackcoders Export All Posts, Products, Orders, Refunds & Users. This issue affects Export All Posts, Products, Orders, Refunds & Users: from n/a through 2.4.1...

5.9 CVSS · 7.7 AI score · 0.00531 EPSS
Exploits: 0 · References: 1

CNNVD
added 2023/11/30 12:0 a.m. · 3 views

WordPress Plugin Export All Posts, Products, Orders, Refunds & Users Information Disclosure Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

7.5 CVSS · 6.1 AI score · 0.00531 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2023/11/30 12:0 a.m. · 4 views

PT-2023-29385 · Unknown · Smackcoders Export All Posts

Name of the Vulnerable Software and Affected Versions: Smackcoders Export All Posts, Products, Orders, Refunds & Users versions n/a through 2.4.1 Description: The issue is related to the exposure of sensitive information to an unauthorized actor. This is a problem where sensitive data can be...

7.5 CVSS · 7.2 AI score · 0.00531 EPSS
Exploits: 0 · References: 5

Patchstack
added 2023/11/29 12:0 a.m. · 17 views

WordPress Automatic Youtube Video Posts Plugin Plugin <= 5.2.2 is vulnerable to Cross Site Scripting (XSS)

Software: Automatic Youtube Video Posts Plugin · Type: Plugin · Vulnerable versions = 5.2.2 · Fixed in: N/A · OWASP Top 10: A7: Cross-Site Scripting XSS · Classification: Cross Site Scripting XSS · CVE: CVE-2023-49180 · Patch priority: Low · CVSS severity: Low 5.9 · Developer: Claim ownership · PSID: 2f23eed8b8ab · Credits...

5.9 CVSS · 5.8 AI score · 0.00386 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2023/11/27 12:0 a.m. · 4 views

WordPress plugin Simple Social Media Share Buttons security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

5.3 CVSS · 6.6 AI score · 0.00575 EPSS
Exploits: 2 · References: 1

WPVulnDB
added 2023/11/23 12:0 a.m. · 18 views

WP Content Pilot – Autoblogging & Affiliate Marketing Plugin < 1.3.4 - Authenticated (Contributor+) Content Injection

Description: The WP Content Pilot plugin for WordPress is vulnerable to Arbitrary Content Injection in versions up to, and including, 1.3.3. This vulnerability makes it possible for authenticated attackers, with contributor access or higher to inject new content onto the website, possibly through...

7.2 AI score · 0.00287 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2023/11/22 4:15 p.m. · 5 views

CVE-2023-5382

The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsfdeleteposts function. This makes it possible for unauthenticated attackers to delete arbitrary posts via a...

4.3 CVSS · 5.7 AI score · 0.00306 EPSS
Exploits: 0 · References: 2