6611 matches found
CVE-2023-25705
CVE-2023-25705 describes an authenticated (admin+) stored cross-site scripting vulnerability in the WordPress plugin WP Prayer (Go Prayer, WP Prayer)
CVE-2023-25705 WordPress WP Prayer Plugin <= 1.9.6 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Go Prayer WP Prayer plugin = 1.9.6 versions...
CVE-2023-25716
Auth admin+ Stored Cross-Site Scripting XSS vulnerability in gqevu6bsiz Announce from the Dashboard plugin = 1.5.1 versions...
Cross site scripting
Auth admin+ Stored Cross-Site Scripting XSS vulnerability in gqevu6bsiz Announce from the Dashboard plugin = 1.5.1 versions...
CVE-2023-25716 WordPress Announce from the Dashboard Plugin <= 1.5.1 is vulnerable to Cross Site Scripting (XSS)
Auth admin+ Stored Cross-Site Scripting XSS vulnerability in gqevu6bsiz Announce from the Dashboard plugin = 1.5.1 versions...
CVE-2023-25716
CVE-2023-25716 describes a stored XSS in the WordPress plugin Announce from the Dashboard (gqevu6bsiz) versions
CVE-2023-23885 WordPress Quick Contact Form Plugin <= 8.0.3.1 is vulnerable to Cross Site Scripting (XSS)
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Fullworks Quick Contact Form plugin = 8.0.3.1 versions...
CVE-2023-25049
CVE-2023-25049 affects the WordPress plugin “impleCode eCommerce Product Catalog Plugin for WordPress” (versions ≤ 3.3.4). The vulnerability is an authenticated (admin+) Stored Cross-Site Scripting (XSS) issue. Public sources in connected documents consistently describe the flaw as an XSS due to ...
CVE-2023-25031
CVE-2023-25031 affects the Kiboko Labs Arigato Autoresponder and Newsletter plugin for WordPress,
CVE-2023-25027
CVE-2023-25027 : A stored XSS vulnerability exists in the WordPress plugin Chained Quiz (Kiboko Labs) up to version 1.3.2.5 . The issue requires admin+ authentication and is triggered via stored input in the plugin, enabling cross‑site scripting when viewed by others. The vulnerability is address...
CVE-2023-25059
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in avalex GmbH avalex – Automatically secure legal texts plugin = 3.0.3 versions...
CVE-2023-25059
CVE-2023-25059 affects the avalex WordPress plugin (versions ≤ 3.0.3). The vulnerability is a Stored Cross-Site Scripting (XSS) that requires authentication with admin+ privileges and is exploitable via user interaction. The underlying issue relates to insufficient input cleanup/output escaping i...
CVE-2023-25061
CVE-2023-25061 affects Kiboko Labs Arigato Autoresponder and Newsletter plugin for WordPress (versions
CVE-2023-23891 WordPress Ocean Extra Plugin <= 2.1.1 is vulnerable to Cross Site Scripting (XSS)
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in OceanWP Ocean Extra plugin = 2.1.1 versions. Needs the OceanWP theme installed and activated...
CVE-2023-23891
The CVE-2023-23891 entry concerns the WordPress Ocean Extra plugin (OceanWP) with a Stored XSS vulnerability in versions ≤ 2.1.1 when the OceanWP theme is installed and activated. The root cause is an input handling/shortcode context that permits script injection by authenticated contributors. Af...
CVE-2023-24374 WordPress Material Design Icons for Page Builders Plugin <= 1.4.2 is vulnerable to Cross Site Scripting (XSS)
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Photon WP Material Design Icons for Page Builders plugin = 1.4.2 versions...
CVE-2023-24387
WPdevart Organization chart plugin for WordPress is affected in versions
CVE-2023-24403
The CVE-2023-24403 entry describes a Stored XSS vulnerability in the WordPress bbPress Voting plugin (WP For The Win) versions
CVE-2023-24383
The CVE-2023-24383 entry affects the Kiboko Labs Namaste! LMS WordPress plugin (versions ≤ 2.5.9.1). The issue is a Stored Cross-Site Scripting (XSS) vulnerability that requires admin+ authentication to exploit. The root cause involves insufficient input handling/escaping in the plugin, enabling ...
Cross site scripting
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Timersys WP Popups – WordPress Popup plugin = 2.1.4.8 versions...