2089 matches found
CVE-2023-5205
The Add Custom Body Class plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'addcustombodyclass' value in versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2023-5205 Add Custom Body Class <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Add Custom Body Class plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'addcustombodyclass' value in versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2023-4947 WooCommerce EAN Payment Gateway < 6.1.0 - Missing Authorization to Authenticated (Contributor+) EAN Update
The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refreshordereandata AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above,...
CVE-2023-4947 WooCommerce EAN Payment Gateway < 6.1.0 - Missing Authorization to Authenticated (Contributor+) EAN Update
The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refreshordereandata AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above,...
WooCommerce CVR Payment Gateway < 6.1.0 - Missing Authorization to Authenticated (Contributor+) CVR Update
Description The WooCommerce CVR Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refreshordercvrdata AJAX action. This makes it possible for authenticated attackers with contributor-level access and above, to update C...
CVE-2023-4948
The WooCommerce CVR Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refreshordercvrdata AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above,...
Design/Logic Flaw
The WooCommerce CVR Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refreshordercvrdata AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above,...
Cross-site Scripting (XSS)
Overview johnpbloch/wordpress-core is a web software you can use to create a website or blog. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to insufficient sanitization of block attributes. An attacker can embed arbitrary content in HTML comments on the page by...
Input validation
The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the /src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can be used to obtain...