6 matches found
WordPress Poll Maker plugin <= 5.4.6 - Authenticated (Administrator+) SQL Injection vulnerability
Authenticated Administrator+ SQL Injection vulnerability discovered by Ivan Kuzymchak in WordPress Plugin Poll Maker versions = 5.4.6...
WordPress FluentForm plugin <= 5.1.19 - Authenticated (Form Manager+) Stored Cross-Site Scripting vulnerability
Authenticated Form Manager+ Stored Cross-Site Scripting vulnerability discovered by Ivan Kuzymchak in WordPress Plugin FluentForm versions = 5.1.19...
WordPress LuckyWP Table of Contents plugin <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Ivan Kuzymchak in WordPress Plugin LuckyWP Table of Contents versions = 2.1.4...
WordPress WPvivid Backup and Migration Plugin <= 0.9.89 is vulnerable to Cross Site Scripting (XSS)
Software WPvivid Backup and Migration Type Plugin Vulnerable versions = 0.9.89 Fixed in 0.9.90 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5121 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID e1420d6f67a7 Credits Ivan...
WordPress FiboSearch – Ajax Search for WooCommerce Plugin <= 1.23.0 is vulnerable to Cross Site Scripting (XSS)
Software FiboSearch – Ajax Search for WooCommerce Type Plugin Vulnerable versions = 1.23.0 Fixed in 1.24.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2450 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 1e16f85faf8c Credi...
WordPress Quick Restaurant 2.0.2 XSS / CSRF / IDOR / Missing Authorization Vulnerabilities
On January 16, 2023, the Wordfence Threat Intelligence team responsibly disclosed several vulnerabilities in Quick Restaurant Menu, a WordPress plugin that allows users to set up restaurant menus on their sites. This plugin is vulnerable to missing authorization, insecure direct object reference,...