WordPress Plugin Booster for WooCommerce Information Disclosure Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

PT-2023-31778 · WordPress · The Contact Form By Formget

Name of the Vulnerable Software and Affected Versions: The Contact Form by FormGet plugin for WordPress versions up to, and including, 5.5.5 Description: The issue is related to Stored Cross-Site Scripting via the formget shortcode due to insufficient input sanitization and output escaping on...

PT-2023-16457 · WordPress · Metform Elementor Contact Form Builder

Name of the Vulnerable Software and Affected Versions: Metform Elementor Contact Form Builder for WordPress versions up to, and including, 3.3.1 Description: The issue allows authenticated attackers with subscriber-level capabilities or above to obtain sensitive information about arbitrary form...

CVE-2023-0692 Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_payment_status' shortcode

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mfpaymentstatus' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about the...

PT-2023-21078 · WordPress · Groundhogg

Name of the Vulnerable Software and Affected Versions: Groundhogg plugin for WordPress versions up to, and including, 2.7.9.8 Description: The issue is due to missing nonce validation in the ajax edit contact function, making it possible for authenticated attackers to elevate verified user...

CVE-2023-1911

The Blocksy Companion WordPress plugin before 1.8.82 does not ensure that posts to be accessed via a shortcode are already public and can be viewed, allowing any authenticated users, such as subscriber to access draft posts for example...

WordPress plugin Blocksy Companion 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

CVE-2021-24851

The Insert Pages WordPress plugin before 3.7.0 allows users with a role as low as Contributor to access content and metadata from arbitrary posts/pages regardless of their author and status ie private, using a shortcode. Password protected posts/pages are not affected by such issue...