CVE-2023-31088 WordPress Floating Action Button plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability
A vulnerability in farazify Floating Action Button floating-action-button. This issue affects Floating Action Button: from n/a through <= 1.2.1...
CVE-2023-31088
CVE-2023-31088 concerns the WordPress plugin “Floating Action Button” (versions
WordPress Plugin Floating Action Button Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site request forgery vulnerability exists in the...
PT-2023-23144 · Unknown · Faraz Quazi Floating Action Button
Name of the Vulnerable Software and Affected Versions: Faraz Quazi Floating Action Button plugin versions 1.2.1 and earlier. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintende...
CVE-2023-46613
Auth. contributor+ Stored Cross-Site Scripting (XSS) vulnerability in Jens Kuerschner Add to Calendar Button plugin = 1.5.1 versions...
CVE-2023-46613
A vulnerability in Add to Calendar Add to Calendar Button add-to-calendar-button. This issue affects Add to Calendar Button: from n/a through 1.5.1...
Cross site scripting
Auth. contributor+ Stored Cross-Site Scripting (XSS) vulnerability in Jens Kuerschner Add to Calendar Button plugin = 1.5.1 versions...
CVE-2023-46613
The CVE-2023-46613 entry concerns the WordPress plugin Jens Kuerschner Add to Calendar Button (versions
CVE-2023-46613 WordPress Add to Calendar Button Plugin < 1.5.1 is vulnerable to Cross Site Scripting (XSS)
Auth. contributor+ Stored Cross-Site Scripting (XSS) vulnerability in Jens Kuerschner Add to Calendar Button plugin = 1.5.1 versions...
WordPress CodeBard's Patron Button and Widgets for Patreon Plugin <= 2.1.9 is vulnerable to Cross Site Scripting (XSS)
Software: CodeBard's Patron Button and Widgets for Patreon; Type: Plugin; Vulnerable versions: <= 2.1.9; Fixed in: 2.2.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-47524; Patch priority: High; CVSS severity: High 5.8; Developer: Codebard; PSID: 00014dfb79a5...
CVE-2023-4910
A flaw was found in 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache...
OPENSUSE-SU-2023:0353-1 Security update for opera
This update for opera fixes the following issues: - Update to 104.0.4944.36 CHR-9492 Update Chromium on desktop-stable-118-4944 to 118.0.5993.118 DNA-112757 Tab close button Close button is cutted when a lot tabs are opened - The update to chromium 118.0.5993.118 fixes following issues:...
admin-tool-button (>=1.0.1a0 <=1.0.5a0), aedttest (=0.0.2) +125 more potentially affected by CVE-2023-43665 via django (>=3.2.0 <=3.2.21)
django PYPI version =3.2.0, =1.0.1a0, =2.0.0, =0.0.1, =1.0.6, =6.2.0, =0.2.0, =0.1.0, =21.1.1, =21.1.0, =22.0.0.dev13, =22.0.0.dev14 and more Source cves: CVE-2023-43665 Source advisory: OSV:GHSA-H8GC-PGJ2-VJM3...
admin-tool-button (>=1.0.1a0 <=1.0.5a0), aedttest (=0.0.2) +125 more potentially affected by CVE-2023-43665 via django (>=3.2.0 <=3.2.21)
django PYPI version =3.2.0, =1.0.1a0, =2.0.0, =0.0.1, =1.0.6, =6.2.0, =0.2.0, =0.1.0, =21.1.1, =21.1.0, =22.0.0.dev13, =22.0.0.dev14 and more Source cves: CVE-2023-43665 Source advisory: OSV:PYSEC-2023-226...
admin-tool-button (>=1.0.1a0 <=1.0.5a0), aedttest (=0.0.2) +125 more potentially affected by CVE-2023-46695 via django (>=3.2.0 <=3.2.22)
django PYPI version =3.2.0, =1.0.1a0, =2.0.0, =0.0.1, =1.0.6, =3.2.17.0, =6.2.0, =0.2.0, =0.1.0, =21.1.1, =21.1.0, =22.0.0.dev13, =22.0.0.dev14 and more Source cves: CVE-2023-46695 Source advisory: OSV:GHSA-QMF9-6JQF-J8FQ...
WP Post Popup <= 3.7.3 - Admin+ Stored XSS
Description: The plugin does not sanitise and escape some of its inputs, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). Enter the following payload in the Close...
CVE-2023-45135 XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In org.xwiki.platform:xwiki-platform-web versions 7.2-milestone-2 until 14.10.12 and org.xwiki.platform:xwiki-platform-web-templates prior to versions 14.10.12 and 15.5-rc-1, it is possible to...
WordPress Add to Calendar Button Plugin < 1.5.1 is vulnerable to Cross Site Scripting (XSS)
Software: Add to Calendar Button; Type: Plugin; Vulnerable versions: < 1.5.1; Fixed in: 1.5.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-46613; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: d1a3af767789; Credits: Ngô Thiên An ancorn from...
WordPress WhatsApp Share Button Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)
Software: WhatsApp Share Button; Type: Plugin; Vulnerable versions: <= 1.0.1; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-5668; Patch priority: Low; CVSS severity: Low 6.4; PSID: c35696dd32a5; Credits: István Márton; Requir...