6242 matches found
Code injection
The Page Builder: Pagelayer WordPress plugin before 1.7.7 doesn't prevent unauthenticated attackers from updating a post's header or footer code on scheduled posts...
Cross site scripting
The Simple Posts Ticker WordPress plugin before 1.1.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
UBUNTU-CVE-2023-5561
WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack...
CVE-2023-4725 Simple Posts Ticker < 1.1.6 - Admin+ Stored XSS
The Simple Posts Ticker WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-4725
CVE-2023-4725 affects the WordPress plugin Simple Posts Ticker prior to version 1.1.6. The issue is that certain settings are not properly sanitised/escaped, enabling Stored XSS by high-privilege users (e.g., administrators) even when the unfiltered_html capability is disallowed (such as in multi...
CVE-2023-4725 Simple Posts Ticker < 1.1.6 - Admin+ Stored XSS
The Simple Posts Ticker WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-4646 Simple Posts Ticker < 1.1.6 - Contributor+ Stored XSS
The Simple Posts Ticker WordPress plugin before 1.1.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-4646
CVE-2023-4646 affects the WordPress plugin Simple Posts Ticker (versions before 1.1.6). The flaw is insufficient validation/escaping of shortcode attributes, allowing stored XSS when a user with Contributor+ privileges outputs the shortcode on a post/page. The vulnerability is confirmed in multip...
CVE-2023-4687 PageLayer < 1.7.7 - Unauthenticated Stored XSS
The Page Builder: Pagelayer WordPress plugin before 1.7.7 doesn't prevent unauthenticated attackers from updating a post's header or footer code on scheduled posts...
WordPress plugin Simple Posts Ticker cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...
WordPress plugin Simple Posts Ticker cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...
PT-2023-30035 · WordPress · Simple Posts Ticker
Name of the Vulnerable Software and Affected Versions: The Simple Posts Ticker WordPress plugin versions prior to 1.1.6 Description: The issue concerns the lack of validation and escaping of certain shortcode attributes in the plugin, which could allow users with the contributor role and above to...
WordPress plugin Pagelayer cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2023-44467
creationtimestamp| type| source ---|---|--- 2023-10-10 00:16:12+00:00| seen| https://t.me/cibsecurity/71868 2025-04-03 13:52:48+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/12001 2025-04-04 13:42:39+00:00| seen|...
WordPress User Submitted Posts Plugin <= 20230902 is vulnerable to Arbitrary File Upload
Software User Submitted Posts Type Plugin Vulnerable versions = 20230902 Fixed in 20230914 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2023-45603 Patch priority High CVSS severity High 9 Developer Claim ownership PSID b7d676bf7c95 Credits Rafie Muhammad Patchstack...
CVE-2023-5331 File Information Leak via IDOR in file_id in Draft Posts
Mattermost fails to properly check the creator of an attached file when adding the file to a draft post, potentially exposing unauthorized file information...
Mattermost Security Vulnerabilities
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost that stems from a failure to properly check the creator of an attachment when adding it to a draft post, which could lead to information disclosure...
WordPress WordPress Popular Posts Plugin <= 6.3.2 is vulnerable to Cross Site Scripting (XSS)
Software WordPress Popular Posts Type Plugin Vulnerable versions = 6.3.2 Fixed in 6.3.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-45607 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e1c445e00e39 Credits Rafie Muhammad Patchstack...
CVE-2023-40556
Cross-Site Request Forgery CSRF vulnerability in Greg Ross Schedule Posts Calendar plugin = 5.2 versions...
CVE-2023-40556
Cross-Site Request Forgery CSRF vulnerability in Greg Ross Schedule Posts Calendar plugin = 5.2 versions...