6609 matches found
CVE-2023-28988
CVE-2023-28988 concerns the WordPress plugin “Direct checkout, Add to cart redirect for WooCommerce” (PI Websolution) for WooCommerce. Affected: plugin versions ≤ 2.1.48. Nature: Authenticated Stored Cross-Site Scripting (XSS) vulnerability present in multiple UI elements (Direct checkout, Add to...
CVE-2023-28751
CVE-2023-28751 affects WP Ultimate Review (Wpmet) plugin
CVE-2023-27427
CVE-2023-27427 concerns the WordPress NTZApps CRM Memberships plugin (
CVE-2023-32580
CVE-2023-32580 affects the WordPress plugin “Password Protected” (WPExperts) ≤ 2.6.2. The issue is an authenticated (admin+) Stored Cross‑Site Scripting (XSS) vulnerability, enabling script injection via the plugin’s handling of input when already logged in as an administrator. Multiple sources c...
CVE-2023-35048 WordPress Booking and Rental Manager Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in MagePeople Team Booking and Rental Manager for Bike plugin = 1.2.1 versions...
Sql injection
A URL parameter during login flow was vulnerable to injection. An attacker could insert a malicious domain in this parameter, which would redirect the user after auth and send the authorization token to the redirected domain...
CVE-2023-34368
CVE-2023-34368 affects Kanban Boards for WordPress (WordPress Kanban Boards) plugin
CVE-2023-33323
CVE-2023-33323 describes a Stored XSS in Repute InfoSystems ARMember plugin for WordPress, affecting versions
CVE-2023-23811
CVE-2023-23811 affects the WordPress plugin Smoothscroller by Neil Gee. It is a Stored XSS vulnerability that requires admin+ privileges and affects versions
CVE-2023-23807
CVE-2023-23807 affects MojoPlug Slide Panel (WordPress plugin) version
CVE-2023-28778
CVE-2023-28778 concerns the WordPress plugin Pagination by BestWebSoft (
CVE-2023-28778 WordPress Pagination by BestWebSoft Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in BestWebSoft Pagination plugin = 1.2.2 versions...
CVE-2023-35090 WordPress MasterStudy LMS Plugin <= 3.0.8 is vulnerable to Cross Site Scripting (XSS)
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin = 3.0.7 versions...
CVE-2023-31213
CVE-2023-31213: WPBakery Page Builder (JS_CComposer) contains a stored XSS in versions
CVE-2023-27618
CVE-2023-27618 affects Store Locator WordPress plugin (AGILE STORE LOCATOR)
CVE-2023-28496 WordPress SMTP2GO Plugin <= 1.4.2 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in SMTP2GO – Email Made Easy plugin = 1.4.2 versions...
CVE-2023-28496
CVE-2023-28496: A Stored XSS flaw in the SMTP2GO – Email Made Easy WordPress plugin (versions
CVE-2023-28423
CVE-2023-28423: Stored XSS in Prism Tech Studios Modern Footnotes WordPress plugin
CVE-2023-28171 WordPress Brilliance Theme <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)
Auth. subscriber+ Stored Cross-Site Scripting XSS vulnerability in WP Chill Brilliance theme = 1.3.1 versions...
CVE-2023-27629 WordPress Site Reviews Plugin <= 6.5.1 is vulnerable to Cross Site Scripting (XSS)
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Paul Ryley Site Reviews plugin = 6.5.1 versions...