2673 matches found
CVE-2023-41131
CVE-2023-41131 refers to a CSRF vulnerability in the WordPress plugin Sp*tify Play Button for WordPress (Jonk @ Follow me Darling Sp*tify Play Button) affecting versions
WordPress plugin Sp*tify Play Button Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
PT-2023-27815 · WordPress · Jonk @ Follow Me Darling Sp*Tify Play Button
Name of the Vulnerable Software and Affected Versions: Jonk @ Follow me Darling Sp*tify Play Button for WordPress plugin versions = 2.10. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performi...
WP Like Button <= 1.7.0 - Button Settings Update via CSRF
Description: The plugin does not have a CSRF check in place when updating its Button settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
PT-2023-29530 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.39.5; MediaWiki versions 1.40.x prior to 1.40.1. Description: An issue was discovered in the Vector Skin component for MediaWiki. The vector-toc-toggle-button-label is not escaped, but should be, because the line...
CVE-2023-40199
Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab WP Like Button plugin <= 1.7.0 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab WP Like Button plugin <= 1.7.0 versions...
CVE-2023-40199 WordPress WP Like Button Plugin <= 1.7.0 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab WP Like Button plugin <= 1.7.0 versions...
CVE-2023-40199
CVE-2023-40199 describes a Cross-Site Request Forgery (CSRF) vulnerability in the CRUDLab WP Like Button plugin for WordPress, affecting versions
WordPress Plugin WP Like Button Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
PT-2023-27318 · WordPress · Crudlab Wp Like Button
Name of the Vulnerable Software and Affected Versions: CRUDLab WP Like Button plugin versions <= 1.7.0. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web...
Cross site scripting
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in YYDevelopment Back To The Top Button plugin = 2.1.5 versions...
CVE-2023-41733
CVE-2023-41733 affects the WordPress plugin YYDevelopment Back To The Top Button (versions 2.1.5, e.g., 2.1.7 or newer) is the recommended mitigation. If upgrading is not feasible, monitor for updates and consider compensating controls until a patch can be applied.
WordPress Timely Booking Button Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS)
Software: Timely Booking Button; Type: Plugin; Vulnerable versions: <= 2.0.2; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-44987; Patch priority: Low; CVSS severity: Low (5.9); PSID: 7f597f7217c8; Credits: yuyudhn; Required...
PT-2023-28351 · Mastodon · Mastodon
Name of the Vulnerable Software and Affected Versions: Mastodon versions prior to 4.0.10; Mastodon versions prior to 4.2.8; Mastodon versions prior to 4.2.0-rc2. Description: Mastodon is a free, open-source social network server based on ActivityPub. In certain conditions, attackers can abuse the...
Add and remove accounts buttons disappeared on Citrix Workspace app for Windows
Add and Remove Accounts buttons disappeared on Citrix Workspace app for Windows...
PT-2023-5466 · Red Hat · 3Scale Admin Portal
Name of the Vulnerable Software and Affected Versions: 3Scale Admin Portal (affected versions not specified). Description: A flaw was found in 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the...
WordPress Back To The Top Button Plugin <= 2.1.6 is vulnerable to Cross Site Scripting (XSS)
Software: Back To The Top Button; Type: Plugin; Vulnerable versions: <= 2.1.6; Fixed in: 2.1.7; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-41733; Patch priority: Low; CVSS severity: Low (5.9); PSID: 476e426fa8a5; Credits: Rio Darmawan...