6608 matches found
CVE-2023-28169
CVE-2023-28169 affects the WordPress plugin CoreFortress Easy Event calendar (versions
CVE-2023-23668
The CVE-2023-23668 entry concerns the WordPress GiveWP plugin, versions
CVE-2023-23668 WordPress GiveWP Plugin <= 2.25.1 is vulnerable to Cross Site Scripting (XSS)
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in GiveWP plugin = 2.25.1 versions...
CVE-2023-25021 WordPress FareHarbor for WordPress Plugin <= 3.6.6 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in FareHarbor FareHarbor for WordPress plugin = 3.6.6 versions...
aa-charlink (>=0.1.1 <=1.0.0), aa-drifters (=0.1.0a0) +412 more potentially affected by CVE-2023-31047 via django (>=4.0.0 <=4.1.8)
django PYPI version =4.0.0, =0.1.1, =1.0.0, =0.1.0a0, =0.11.0a0, =0.1.1, =1.1.0, =0.1.0, =0.0.3, =4.0.9.0, =3.1.1, =3.6.4, =3.7.0 and more Source cves: CVE-2023-31047 Source advisory: OSV:PYSEC-2023-61...
CVE-2023-24400
CVE-2023-24400 affects the WordPress plugin Hu-manity.Co Cookie Notice & Compliance for GDPR / CCPA, specifically versions
CVE-2023-26519
CVE-2023-26519: Admin+ authenticated stored XSS in WordPress Publish to Schedule plugin (
CVE-2023-21494
Potential buffer overflow vulnerability in auth api in mmAuthentication.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access...
CVE-2022-47434
CVE-2022-47434 affects PB SEO Friendly Images plugin for WordPress, versioned at or below 4.0.5. The vulnerability is described as an admin+ Stored Cross-Site Scripting (XSS) flaw arising from insufficient input handling/sanitization, enabling stored XSS via administrative context. Public exploit...
Cross site scripting
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in WP OnlineSupport, Essential Plugin Hero Banner Ultimate plugin = 1.3.4 versions...
CVE-2023-26012
CVE-2023-26012 is a stored XSS vulnerability in the WordPress plugin “Denzel Chia | Phire Design Custom Login Page” (plugin versions ≤ 2.0). The issue requires admin+ privileges and authenticating to trigger a stored XSS vector, potentially affecting site integrity via user input handling. Public...
CVE-2023-26016
CVE-2023-26016 concerns the WordPress plugin “Simple Portfolio Gallery” by Tauhidul Alam. Affected versions are those
CVE-2023-26016 WordPress Simple Portfolio Gallery Plugin <= 0.1 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Tauhidul Alam Simple Portfolio Gallery plugin = 0.1 versions...
CVE-2023-21494
The CVE-2023-21494 issue affects Samsung Shannon baseband, specifically the auth API in mm_Authentication.c. It describes a potential buffer overflow that could allow remote attackers to cause invalid memory access. The vulnerability is rooted in the Shannon baseband code prior to SMR May-2023 Re...
CVE-2023-23875 WordPress Bing Site Verification plugin using Meta Tag Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Himanshu Bing Site Verification plugin using Meta Tag plugin = 1.0 versions...
CVE-2023-23808
CVE-2023-23808 affects the WordPress Sponsors Carousel plugin for versions prior to or equal to 4.02. The issue is an Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in the Sponsors Carousel plugin, with the root cause described as stored XSS. The available sources indicate...
CVE-2023-23809
CVE-2023-23809 concerns a stored XSS in the WordPress plugin “Stock market charts from finviz” (plugin versions
CVE-2023-23708
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Themeisle Visualizer: Tables and Charts Manager for WordPress plugin = 3.9.4 versions...
CVE-2023-23874
CVE-2023-23874 is a stored XSS vulnerability in the WordPress Ditty plugin (versions ≤ 3.0.32) affecting contributors. The issue is caused by an insufficient input sanitization in the plugin, allowing malicious scripts to be stored and potentially executed in user sessions. The connected sources ...
CVE-2023-23820
The CVE-2023-23820 entry concerns the WordPress ProfilePress Plugin (Membership Team) versions <= 4.5.4. The vulnerability is a stored XSS that requires authentication (contributors or higher) to exploit. The available documents specify the issue as an Auth. (contributor+) Stored Cross-Site Sc...