6613 matches found
CVE-2023-23786
CVE-2023-23786 concerns the WordPress affiliate-toolkit plugin from Christof Servit, with a Stored XSS issue exploitable by users with Editor+ permissions in versions
CVE-2023-23788
CVE-2023-23788 affects the WordPress plugin Custom More Link Complete by Florin Arjocu, versions
CVE-2023-23647
CVE-2023-23647 is a stored-XSS vulnerability in the WordPress plugin Team Member – Team with Slider (also listed as Team Showcase Supreme) for versions
CVE-2023-24372
CVE-2023-24372 concerns a Stored XSS in WordPress plugin Simple Custom Author Profiles (<= 1.0.0). The initial entry specifies Admin+ authentication required and a stored cross-site scripting vulnerability in the plugin. Connected records corroborate the issue affecting the Simple Custom Autho...
CVE-2023-23734
The CVE-2023-23734 issue affects the WordPress plugin Userlike – WordPress Live Chat (David Voswinkel) versions ≤ 2.2. It is an authenticated Stored XSS vulnerability (admin+), caused by insufficient sanitization/escaping of settings, enabling an administrator to inject scripts executed by other ...
CVE-2023-23732
CVE-2023-23732 concerns the Disqus Conditional Load WordPress plugin (11.0.6, with Patchstack noting low exploit likelihood. References corroborate XSS vector and affected version range and provide the patch status and guidance to update. Technical details beyond the basic vulnerability descripti...
Cross site scripting
Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Rymera Web Co Wholesale Suite plugin = 2.1.5 versions...
CVE-2023-23884
CVE-2023-23884 relates to the WordPress plugin Kanban Boards for WordPress (Kanban) where an authenticated admin can trigger a stored XSS in versions up to 2.5.20. The vulnerability is caused by inadequate input sanitization in the plugin’s Kanban feature, allowing an admin with privileges to inj...
CVE-2023-23883
CVE-2023-23883: WordPress WP Content Filter plugin versions ≤ 3.0.1 contain a stored XSS vulnerability that requires admin+ privileges. The root cause is a stored XSS in the plugin’s handling of content. Impact per sources includes potential user impact and low overall risk in public contexts. ...
CVE-2023-23664
CVE-2023-23664 describes a Stored XSS in the ConvertBox Auto Embed WordPress plugin (versions
grafana: Escalation from admin to server admin when auth proxy is used
A flaw was found in the grafana package. Auth proxy allows authentication of a user by only providing the username or email in an X-WEBAUTH-USER HTTP header. The trust assumption is that a front proxy will take care of authentication and that the Grafana server is only publicly reachable with thi...
CVE-2023-23863 WordPress TreePress – Easy Family Trees & Ancestor Profiles Plugin <= 2.0.22 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Black and White Digital Ltd TreePress – Easy Family Trees & Ancestor Profiles plugin <= 2.0.22 versions...
MAL-2023-114 Malicious code in auth-test-backend (npm)
Source: ghsa-malware bb18aabc5749a94ac657ae109997f03bd170e42c876bd450cc0bf43ee32619cf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in auth-test-backend (npm)
Source: ghsa-malware bb18aabc5749a94ac657ae109997f03bd170e42c876bd450cc0bf43ee32619cf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-24376
CVE-2023-24376 affects WP Simple Events (WordPress) ≤ 1.0. The vulnerability is an Auth. (admin+) Stored Cross-Site Scripting (XSS) in the plugin, with the exploitation described as a stored XSS condition requiring administrative privileges and user interaction. CVSS scores vary by source (NVD: 4...
@karmalicious/nodejs-drivers (>=2.0.0 <=8.0.0), azupck (>=1.1.72 <=1.4.4) +13 more potentially affected by CVE-2023-2583 via jsreport (>=1.10.0 <=2.11.0)
jsreport NPM version =1.10.0, =2.0.0, =1.1.72, =1.0.28, =1.8.1, =1.0.1, =0.0.1, =1.0.0, =1.0.80, =1.1.36, =2.14.0, =2.30.0 Source cves: CVE-2023-2583 Source advisory: OSV:GHSA-G7RJ-Q722-245G...
CVE-2023-1979 Auth bypass in Web Stories for WordPress plugin
The Web Stories for WordPress plugin supports the WordPress built-in functionality of protecting content with a password. The content is then only accessible to website visitors after entering the password. In WordPress, users with the "Author" role can create stories, but don't have the ability ...
Cross site scripting
Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Macho Themes NewsMag theme = 2.4.4 versions...
Cross site scripting
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin = 6.11.4 versions...
CVE-2023-24408
CVE-2023-24408 affects the Ecwid Ecommerce Shopping Cart WordPress plugin, where a Stored XSS vulnerability can be triggered in versions