
85 matches found

CNNVD
added 2023/07/25 12:0 a.m. · 2 views

WordPress plugin Recent Posts Slider cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 7.1 · AI score 6.8 · EPSS 0.0011
Exploits: 0 · References: 2
Positive Technologies
added 2023/07/25 12:0 a.m. · 2 views

PT-2023-25112 · WordPress · Neha Goel Recent Posts Slider

Name of the Vulnerable Software and Affected Versions: Neha Goel Recent Posts Slider plugin versions = 1.1 Description: The issue is related to an Unauth. Stored Cross-Site Scripting XSS vulnerability. This allows for malicious scripts to be stored on the server and executed when a user accesses...

CVSS 7.1 · AI score 6 · EPSS 0.0011
Exploits: 0 · References: 4
OSV
added 2023/07/11 12:15 p.m. · 1 view

CVE-2023-35778

Cross-Site Request Forgery CSRF vulnerability in Neha Goel Recent Posts Slider plugin = 1.1 versions...

CVSS 6.5 · AI score 7.3
Exploits: 0 · References: 1
CVE
added 2023/07/11 11:11 a.m. · 41 views

CVE-2023-35778

CVE-2023-35778 corresponds to a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Recent Posts Slider (

CVSS 6.5 · AI score 5.7 · EPSS 0.00093
Exploits: 0 · References: 1 · Affected Software: 1
CNNVD
added 2023/07/11 12:0 a.m. · 2 views

WordPress Plugin Recent Posts Slider cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

CVSS 6.5 · AI score 6.9 · EPSS 0.00093
Exploits: 0 · References: 2
Patchstack
added 2023/06/16 12:0 a.m. · 11 views

WordPress Recent Posts Slider Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Recent Posts Slider; Type: Plugin; Vulnerable versions: = 1.1; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2023-35778; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 2c02326de32e; Credits: LEE SE HYOUNG...

CVSS 6.5 · AI score 6.5 · EPSS 0.00093
Exploits: 0 · References: 1 · Affected Software: 1
Patchstack
added 2023/06/13 12:0 a.m. · 8 views

WordPress Recent Posts Slider Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)

Software: Recent Posts Slider; Type: Plugin; Vulnerable versions: = 1.1; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-35043; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: cce446409bae; Credits: LEE SE HYOUNG...

CVSS 7.1 · AI score 5.6 · EPSS 0.0011
Exploits: 0 · References: 1 · Affected Software: 1
NVD
added 2023/03/06 2:15 p.m. · 12 views

CVE-2023-0212

The Advanced Recent Posts WordPress plugin through 0.6.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attac...

CVSS 5.4 · AI score 5.3 · EPSS 0.00198
Exploits: 2 · References: 1
Cvelist
added 2023/03/06 1:34 p.m. · 17 views

CVE-2023-0212 Advanced Recent Posts <= 0.6.14 - Contributor+ Stored XSS

The Advanced Recent Posts WordPress plugin through 0.6.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attac...

AI score 5.5 · EPSS 0.00198
Exploits: 2 · References: 1
Vulnrichment
added 2023/03/06 1:34 p.m. · 6 views

CVE-2023-0212 Advanced Recent Posts <= 0.6.14 - Contributor+ Stored XSS

The Advanced Recent Posts WordPress plugin through 0.6.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attac...

AI score 6 · EPSS 0.00198
Exploits: 2 · References: 1
Positive Technologies
added 2023/03/06 12:0 a.m. · 3 views

PT-2023-16089 · WordPress · Advanced Recent Posts

Name of the Vulnerable Software and Affected Versions: Advanced Recent Posts WordPress plugin versions 0.6.14 and earlier Description: The issue arises from the plugin not validating and escaping some of its shortcode attributes before outputting them back in a page or post where the shortcode is...

CVSS 5.4 · AI score 5.3 · EPSS 0.00198
Exploits: 2 · References: 6
CNNVD
added 2023/03/06 12:0 a.m. · 3 views

WordPress plugin Advanced Recent Posts cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...

CVSS 5.4 · AI score 5.4 · EPSS 0.00198
Exploits: 2 · References: 2
Patchstack
added 2023/03/03 12:0 a.m. · 8 views

WordPress Advanced Recent Posts Plugin <= 0.6.14 is vulnerable to Cross Site Scripting (XSS)

Software: Advanced Recent Posts; Type: Plugin; Vulnerable versions: = 0.6.14; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-0212; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: 40ae855e2918; Credits: Lana Codes...

CVSS 5.4 · AI score 5.9 · EPSS 0.00198
Exploits: 2 · References: 3 · Affected Software: 1
wpexploit
added 2023/02/13 12:0 a.m. · 94 views

Advanced Recent Posts <= 0.6.14 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. lptwrecentposts colorscheme='"...

CVSS 5.4 · AI score 5.2 · EPSS 0.00198
Exploits: 2
Patchstack
added 2022/02/28 12:0 a.m. · 10 views

WordPress Posts List Designer by Category – List Category Posts Or Recent Posts plugin < 2.1.7 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Posts List Designer by Category – List Category Posts Or Recent Posts plugin versions 2.1.7. Solution Update the WordPress Posts List Designer by Category – List Category Posts Or Recent Posts plugin t...

AI score 3.8
Exploits: 0 · References: 2 · Affected Software: 1
Fedora
added 2019/06/02 12:55 a.m. · 8 views

[SECURITY] Fedora 30 Update: drupal7-views-3.23-1.fc30

You need Views if: You like the default front page view, but you find you want to sort it differently. You like the default taxonomy/term view, but you find you want to sort it differently; for example, alphabetically. You use /tracker, but you want to restrict it to posts of a certain type. You...

AI score 1.7
Exploits: 0
Patchstack
added 2015/10/19 12:0 a.m. · 10 views

WordPress Recent Posts Widget Extended Plugin <= 0.9.9.3 - Authenticated XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Solution Upgrade the plugin...

AI score 1.7
Exploits: 0 · References: 1 · Affected Software: 1
WPVulnDB
added 2015/10/19 12:0 a.m. · 10 views

Recent Posts Widget Extended <= 0.9.9.3 - Authenticated XSS (multisite)

XSS in the Recent Posts Widget Extended plugin allows single site admins to change network admin's password with simple CSRF described above POC field. This vulnerability is currently unpatched. PoC 1. Login as single site administrator 2. Add Recent Posts Extended Widget to some widget area 3...

AI score 0.5
Exploits: 0 · References: 2 · Affected Software: 1
Packet Storm
added 2014/12/12 12:0 a.m. · 22 views

WordPress Sliding Recent Posts 1.0 CSRF / XSS

Title: WordPress 'Sliding Recent Posts' plugin - CSRF/XSS Version: 1.0 Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej Date: 2014/12/12 Download: https://wordpress.org/plugins/sliding-recent-posts/ Notified WordPress: 2014/11/27 ----------------------------------------------------------------...

Exploits: 0
Patchstack
added 2011/04/26 12:0 a.m. · 7 views

WordPress Ajax Recent Posts Plugin 1.0.1 - Cross-Site Scripting

WordPress Ajax Recent Posts plugin's "do" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal...

AI score 2.9
Exploits: 0 · References: 1 · Affected Software: 1