WordPress WP Logs Book plugin <= 1.0.1 - Log Clearing via CSRF vulnerability

Log Clearing via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WP Logs Book versions = 1.0.1...

PT-2025-46273

Name of the Vulnerable Software and Affected Versions The Total Book Project plugin for WordPress versions prior to 1.1 Description The software is susceptible to an Insecure Direct Object Reference issue. This impacts authenticated attackers with Contributor-level access or higher, allowing them...

CVE-2024-11766

The WordPress Book Plugin for Displaying Books in Grid, Flip, Slider, Popup Layout and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gsbookshowcase' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output...

CVE-2021-24538

The Current Book WordPress plugin through 1.0.1 does not sanitize user input when an authenticated user adds Author or Book Title, then does not escape these values when outputting to the browser leading to an Authenticated Stored XSS Cross-Site Scripting issue...

CVE-2019-15770

The woo-address-book plugin before 1.6.0 for WordPress has save calls without nonce verification checks...

CVE-2024-11766 WordPress Book Plugin for Displaying Books in Grid, Flip, Slider, Popup Layout and more <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WordPress Book Plugin for Displaying Books in Grid, Flip, Slider, Popup Layout and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gsbookshowcase' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output...

CVE-2024-11766 WordPress Book Plugin for Displaying Books in Grid, Flip, Slider, Popup Layout and more <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WordPress Book Plugin for Displaying Books in Grid, Flip, Slider, Popup Layout and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gsbookshowcase' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output...

WordPress plugin WordPress Book Plugin for Displaying Books in Grid, Flip, Slider, Popup Layout and more 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. WordPress plugin WordPress Book Plugin for Displaying...

WordPress WP Logs Book plugin <= 1.0.1 - Unauthenticated Stored XSS vulnerability

Unauthenticated Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin WP Logs Book versions = 1.0.1...

WordPress WP Logs Book plugin <= 1.0.1 - Multiple CSRF vulnerability

Multiple CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WP Logs Book versions = 1.0.1...

CVE-2024-4477

The WP Logs Book WordPress plugin through 1.0.1 does not sanitise and escape some of its log data before outputting them back in an admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting...

WordPress WP Logs Book Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software WP Logs Book Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4477 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 68e2026bab3a Credits Bob Matyas Required...

WordPress plugin WP Logs Book security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

CVE-2024-34821 WordPress Contact List plugin <= 2.9.87 - Broken Access Control vulnerability

Missing Authorization vulnerability in Anssi Laitila Contact List contact-list.This issue affects Contact List: from n/a through = 2.9.87...

CVE-2023-1126

The WP FEvents Book WordPress plugin through 0.46 does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Cross-Site Scripting attacks...

CVE-2021-24538

The Current Book WordPress plugin through 1.0.1 does not sanitize user input when an authenticated user adds Author or Book Title, then does not escape these values when outputting to the browser leading to an Authenticated Stored XSS Cross-Site Scripting issue...

WordPress Current Book plugin <= 1.0.1 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Vikas Srivastava in WordPress Current Book plugin versions = 1.0.1. Solution This plugin has been closed as of July 15, 2021 and is not available for download. This closure is temporary, pending a full review...

WordPress Flip Book Plugin 1.0 - Arbitrary File Upload

Flip Book plugin's "php.php" is prone to an arbitrary file upload vulnerability. Restricted access to this script is not properly realized. In that way an attacker can to upload files containing malicious PHP code and run it in the context of the web server process. Other attacks are also possibl...