EUVD-2023-29851

Malicious code in bioql PyPI...

CVE-2022-3139

The We’re Open! WordPress plugin before 1.42 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

WordPress plugin We’re Open! 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

CVE-2023-25964

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Noah Hearle, Design Extreme We’re Open! plugin = 1.46 versions...

CVE-2023-25964 WordPress We’re Open! Plugin <= 1.46 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Noah Hearle, Design Extreme We’re Open! plugin = 1.46 versions...

CVE-2023-25964

CVE-2023-25964 affects the WordPress plugin We’re Open! (Design Extreme) = 1.47. References to public disclosures include Patchstack’s vulnerability entry: https://patchstack.com/database/vulnerability/opening-hours/wordpress-we-re-open-plugin-1-46-cross-site-scripting-xss-vulnerability.

CVE-2023-25964 WordPress We’re Open! Plugin <= 1.46 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Noah Hearle, Design Extreme We’re Open! plugin = 1.46 versions...

PT-2023-20391 · Unknown · Design Extreme We’Re Open!

Name of the Vulnerable Software and Affected Versions: Design Extreme We’re Open! plugin versions 1.46 and earlier Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. Recommendations: For Design Extreme We’re...

Cross site scripting

The We’re Open! WordPress plugin before 1.42 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2022-3139 We’re Open! < 1.42 - Admin+ Stored Cross-Site Scripting

The We’re Open! WordPress plugin before 1.42 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

WordPress We’re Open! plugin <= 1.41 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas in WordPress We’re Open! plugin versions = 1.41. Solution Update the WordPress We’re Open! plugin to the latest available version at least 1.42...