CVE-2023-31221

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Ransom Christofferson PDQ CSV plugin = 1.0.0 versions...

CVE-2023-28934

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Mammothology WP Full Stripe Free plugin = 1.6.1 versions...

Cross site scripting

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Mammothology WP Full Stripe Free plugin = 1.6.1 versions...

CVE-2023-27415

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Themeqx LetterPress plugin = 1.1.2 versions...

CVE-2023-27422

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in NsThemes NS Coupon To Become Customer plugin = 1.2.2 versions...

PT-2023-22042 · Unknown · Never5 Post Connector

Name of the Vulnerable Software and Affected Versions: Never5 Post Connector plugin versions prior to 1.0.9 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that affects users with admin+ authentication. This type of vulnerability allows an attacker to inject...

Information Disclosure

@saltcorn/cli is vulnerable to Information Disclosure. The vulnerability exists because it does not properly restrict unsafe plugins in subdomain tenants, which allows an admin authenticated attacker to install an unsafe plugin gain access to sensitive information from other tenants...

PT-2023-24448 · WordPress · About Me 3000

Name of the Vulnerable Software and Affected Versions: About Me 3000 widget plugin for WordPress versions up to, and including, 2.2.6 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows...

CVE-2023-27427

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in NTZApps CRM Memberships plugin = 1.6 versions...

CVE-2023-35048

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in MagePeople Team Booking and Rental Manager for Bike plugin = 1.2.1 versions...

CVE-2023-34006

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Marco Milesi Telegram Bot & Channel plugin = 3.6.2 versions...

CVE-2023-34368

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Kanban for WordPress Kanban Boards for WordPress plugin = 2.5.20 versions...

CVE-2023-28774

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Grade Us, Inc. Review Stream plugin = 1.6.5 versions...

CVE-2023-26534

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in OneWebsite WP Repost plugin = 0.1 versions...

PT-2023-21140 · Unknown · Wow-Company Button Generator

Name of the Vulnerable Software and Affected Versions: Wow-Company Button Generator – easily Button Builder plugin versions prior to 2.3.3 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. Recommendations: For...

PT-2023-24625 · Unknown · Marco Milesi Telegram Bot & Channel

Name of the Vulnerable Software and Affected Versions: Marco Milesi Telegram Bot & Channel plugin versions = 3.6.2 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. Recommendations: For Marco Milesi Telegram B...

CVE-2023-35095

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Flothemes Flo Forms – Easy Drag & Drop Form Builder plugin = 1.0.40 versions...

CVE-2023-33213

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in gVectors Display Custom Fields – wpView plugin = 1.3.0 versions...

CVE-2023-26537

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in nicolly WP No External Links plugin = 1.0.2 versions...

CVE-2023-26515

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Ko Takagi Simple Slug Translate plugin = 2.7.2 versions...