6 matches found
WordPress Podlove Podcast Publisher <3.5.6 - SQL Injection
WordPress Podlove Podcast Publisher plugin before 3.5.6 is susceptible to SQL injection. The Social & Donations module, not activated by default, adds the REST route /services/contributor/?P\d+ and takes id and category parameters as arguments. Both parameters can be exploited, thereby potentiall...
WordPress jQuery Dropdown Menu plugin <= 3.0 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin jQuery Dropdown Menu versions <= 3.0...
CVE-2023-45829 WordPress Newsletter & Bulk Email Sender Plugin <= 2.0.1 is vulnerable to Cross Site Scripting (XSS)
Auth. contributor+ Stored Cross-Site Scripting (XSS) vulnerability in HappyBox Newsletter & Bulk Email Sender – Email Newsletter Plugin for WordPress plugin <= 2.0.1 versions...
CVE-2016-10941
The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has XSS exploitable via CSRF...
CVE-2016-10942
The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has SQL injection via the insertid parameter exploitable via CSRF...
Multiple XSS vulnerabilities in All-in-One Event Calendar Plugin for WordPress
Advisory ID: HTB23082 Product: All-in-One Event Calendar Plugin for WordPress Vendor: The Seed Studio Vulnerable Versions: 1.4 and probably prior Tested Version: 1.4 Vendor Notification: 21 March 2012 Public Disclosure: 11 April 2012 Vulnerability Type: Cross-Site Scripting (XSS) CVE References:...