CVE-2023-6875

The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7...

CVE-2023-6875

WordPress POST SMTP Mailer plugin (

CVE-2023-6878 Slick Social Share Buttons <= 2.4.11 - Authenticated (Subscriber+) Arbitrary Option Update

The Slick Social Share Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dcssbajaxupdate' function in versions up to, and including, 2.4.11. This makes it possible for authenticated attackers, with subscriber-level permission...

CVE-2023-6878 Slick Social Share Buttons <= 2.4.11 - Authenticated (Subscriber+) Arbitrary Option Update

The Slick Social Share Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dcssbajaxupdate' function in versions up to, and including, 2.4.11. This makes it possible for authenticated attackers, with subscriber-level permission...

CVE-2023-6878

The CVE-2023-6878 entry concerns the Slick Social Share Buttons WordPress plugin. Affected versions:

CVE-2023-6637 CAOS | Host Google Analytics Locally <= 4.7.14 - Missing Authorization to Unauthenticated Plugin Settings Update

The CAOS | Host Google Analytics Locally plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updatesettings' function in versions up to, and including, 4.7.14. This makes it possible for unauthenticated attackers to update plugin...

CVE-2023-6637 CAOS | Host Google Analytics Locally <= 4.7.14 - Missing Authorization to Unauthenticated Plugin Settings Update

The CAOS | Host Google Analytics Locally plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updatesettings' function in versions up to, and including, 4.7.14. This makes it possible for unauthenticated attackers to update plugin...

CVE-2023-6369 Export WP Page to Static HTML/CSS <= 2.1.9 - Missing Authorization via Multiple AJAX Actions

The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 2.1.9. This makes it possible for authenticated attackers, with...

CVE-2023-6369

CVE-2023-6369 affects the WordPress plugin “Export WP Page to Static HTML/CSS” up to version 2.1.9. Root cause: missing capability checks on multiple AJAX actions, enabling authenticated users with subscriber-level access and above to access data or perform unauthorized actions (e.g., saving adva...

CVE-2023-6742 Envira Gallery Lite <= 1.8.7.2 - Missing Authorization to Gallery Modification via envira_gallery_insert_images

The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'enviragalleryinsertimages' function in all versions up to, and including, 1.8.7.1. This makes it possible for authenticated...

CVE-2023-6883

The Easy Social Feed plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 6.5.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

CVE-2023-6883 Easy Social Feed <= 6.5.2 - Missing Authorization to Settings Modification

The Easy Social Feed plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 6.5.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

WordPress Plugin Export WP Page to Static HTML/CSS Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress Plugin Slick Social Share Buttons Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

WordPress Plugin POST SMTP Mailer Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers running PHP and MySQL.WordPress plugin i...

WordPress Plugin Easy Social Feed Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

WordPress Plugin SpeedyCache Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

PT-2024-15114 · WordPress · Slick Social Share Buttons

Name of the Vulnerable Software and Affected Versions: Slick Social Share Buttons plugin for WordPress versions up to, and including, 2.4.11 Description: The issue allows unauthorized modification of data due to a missing capability check on the dcssb ajax update function. This makes it possible...

POST SMTP Mailer < 2.8.8 - Authorization Bypass via type connect-app API

Description The plugin is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to reset the API key used to authenticate to...

WordPress Plugin LightStart Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...