7442 matches found
WordPress Google Analytics by Monster Insights Plugin < 8.12.1 is vulnerable to Cross Site Scripting (XSS)
Software Google Analytics by Monster Insights Type Plugin Vulnerable versions < 8.12.1 Fixed in 8.12.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0081 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 30ac1c972f6b Credi...
WordPress Leaflet Maps Marker Plugin < 3.12.7 is vulnerable to Cross Site Scripting (XSS)
Software Leaflet Maps Marker Type Plugin Vulnerable versions < 3.12.7 Fixed in 3.12.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4677 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 99a82b35c26d Credits Lana Codes...
WordPress jQuery T(-) Countdown Widget Plugin < 2.3.24 is vulnerable to Cross Site Scripting (XSS)
Software jQuery T- Countdown Widget Type Plugin Vulnerable versions < 2.3.24 Fixed in 2.3.24 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0171 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 6d69c46b235b Credits Lana...
WordPress WP Blog and Widget Plugin < 2.3.1 is vulnerable to Cross Site Scripting (XSS)
Software WP Blog and Widget Type Plugin Vulnerable versions < 2.3.1 Fixed in 2.3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4824 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID db9b8648db51 Credits Lana Codes Requir...
XML-RPC for PHP's `Wrapper::buildClientWrapperCode` method allows code injection via malicious `$client` argument
In order for this weakness to be exploited, the following conditions have to apply, at the same time: - method Wrapper::buildClientWrapperCode, or any methods which depend on it, such as Wrapper::wrapXmlrpcServer, Wrapper::wrapXmlrpcMethod or Wrapper::buildWrapMethodSource must be in use. Note th...
GHSA-7VCX-V65Q-9WPG XML-RPC for PHP's `Wrapper::buildClientWrapperCode` method allows code injection via malicious `$client` argument
In order for this weakness to be exploited, the following conditions have to apply, at the same time: - method Wrapper::buildClientWrapperCode, or any methods which depend on it, such as Wrapper::wrapXmlrpcServer, Wrapper::wrapXmlrpcMethod or Wrapper::buildWrapMethodSource must be in use. Note th...
WordPress Send PDF for Contact Form 7 Plugin < 0.9.9.2 is vulnerable to Cross Site Scripting (XSS)
Software Send PDF for Contact Form 7 Type Plugin Vulnerable versions < 0.9.9.2 Fixed in 0.9.9.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0143 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 570b9726f6b6 Credits Istv...
WordPress YouTube Channel Plugin < 3.23.0 is vulnerable to Cross Site Scripting (XSS)
Software YouTube Channel Type Plugin Vulnerable versions < 3.23.0 Fixed in 3.23.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4756 Patch priority Medium CVSS severity Medium 6.3 Developer Aleksandar Urošević PSID 3866f6e0ecf5 Credits Lana Codes...
WordPress Breadcrumb Plugin < 1.5.33 is vulnerable to Cross Site Scripting (XSS)
Software Breadcrumb Type Plugin Vulnerable versions < 1.5.33 Fixed in 1.5.33 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4836 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 68e0f577b655 Credits Lana Codes Required...
WordPress Ibtana Plugin < 1.1.8.8 is vulnerable to Cross Site Scripting (XSS)
Software Ibtana Type Plugin Vulnerable versions < 1.1.8.8 Fixed in 1.1.8.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4674 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID e564cfbd3326 Credits Lana Codes Required...
WordPress WP Show Posts Plugin < 1.1.4 is vulnerable to Cross Site Scripting (XSS)
Software WP Show Posts Type Plugin Vulnerable versions < 1.1.4 Fixed in 1.1.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4459 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID d21b91713c03 Credits Lana Codes Required...
Voyager SQL injection vulnerability
Voyager is an application by David Borland, an individual developer. Voyager suffers from a SQL injection vulnerability. An attacker could exploit this vulnerability to perform a SQL injection attack...
WordPress WC Vendors Marketplace Plugin < 2.4.5 is vulnerable to Cross Site Scripting (XSS)
Software WC Vendors Marketplace Type Plugin Vulnerable versions < 2.4.5 Fixed in 2.4.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0072 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID c2abc726ee8e Credits Lana Codes...
WordPress Cloak Front End Email Plugin <= 1.9.1 is vulnerable to Cross Site Scripting (XSS)
Software Cloak Front End Email Type Plugin Vulnerable versions <= 1.9.1 Fixed in 1.9.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0150 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 8e7d5eb708ad Credits István Márto...
WordPress EAN for WooCommerce Plugin < 4.4.3 is vulnerable to Cross Site Scripting (XSS)
Software EAN for WooCommerce Type Plugin Vulnerable versions < 4.4.3 Fixed in 4.4.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0062 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID efcc1edc10be Credits Lana Codes...
WordPress Royal Elementor Addons Plugin <= 1.3.59 is vulnerable to Broken Access Control
Software Royal Elementor Addons Type Plugin Vulnerable versions <= 1.3.59 Fixed in 1.3.60 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-4700 Patch priority Medium CVSS severity Medium 5.4 Developer WProyal PSID 423004fa0a2f Credits Ramuel Gall Required...
WordPress Royal Elementor Addons Plugin <= 1.3.59 is vulnerable to Broken Access Control
Software Royal Elementor Addons Type Plugin Vulnerable versions <= 1.3.59 Fixed in 1.3.60 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-4703 Patch priority Medium CVSS severity Medium 4.3 Developer WProyal PSID c80fbc0d4bbd Credits Ramuel Gall Required...
WordPress PDF.js Viewer Plugin < 2.1.8 is vulnerable to Cross Site Scripting (XSS)
Software PDF.js Viewer Type Plugin Vulnerable versions < 2.1.8 Fixed in 2.1.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4670 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 33028ec86f1d Credits Lana Codes Required...
WordPress Royal Elementor Addons Plugin <= 1.3.59 is vulnerable to Broken Access Control
Software Royal Elementor Addons Type Plugin Vulnerable versions <= 1.3.59 Fixed in 1.3.60 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-4701 Patch priority Medium CVSS severity Medium 4.3 Developer WProyal PSID d49799edf75b Credits Ramuel Gall Required...
WordPress Royal Elementor Addons Plugin <= 1.3.59 is vulnerable to Broken Access Control
Software Royal Elementor Addons Type Plugin Vulnerable versions <= 1.3.59 Fixed in 1.3.60 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-4705 Patch priority Medium CVSS severity Medium 4.3 Developer WProyal PSID 52604a902691 Credits Ramuel Gall Required...