PT-2023-20094 · Ezoic · Ezoic Ampedsense – Adsense Split Tester
Name of the Vulnerable Software and Affected Versions: Ezoic AmpedSense – AdSense Split Tester plugin versions = 4.68 Description: The issue is an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowin...
WhitePage <= 1.1.5 - Arbitrary Settings Update via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Snap Pixel <= 1.5.7 - Arbitrary Settings Update via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
which template file < 4.9 - Arbitrary Settings Update via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
PT-2023-24570 · WordPress · Read More & Accordion
Name of the Vulnerable Software and Affected Versions: Read More & Accordion WordPress plugin versions prior to 3.2.7 Description: The issue allows high-privilege users, such as admins, to perform PHP Object Injection when a suitable gadget is present, due to the unserialize of user input provide...
Awesome Support < 6.1.5 - Reflected Cross-Site Scripting
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. PoC Visit the following URL as an admin user, with any valid ticket ID. Press the acce...
PT-2023-28628 · WordPress · Wp Matterport Shortcode
Name of the Vulnerable Software and Affected Versions: WP Matterport Shortcode WordPress plugin versions prior to 2.1.8 Description: The issue is related to the WP Matterport Shortcode WordPress plugin, which does not validate and escape some of its shortcode attributes before outputting them bac...
PT-2023-29161 · WordPress · Joakim Ling Remove Slug From Custom Post Type Plugin
Name of the Vulnerable Software and Affected Versions: Joakim Ling Remove slug from custom post type plugin versions 1.0.3 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintende...
CVE-2023-44146
The CVE-2023-44146 entry concerns the WordPress plugin Checkfront Online Booking System, affected in versions ≤ 3.6. The vulnerability is Cross-Site Request Forgery (CSRF) impacting settings updates. Patch guidance from PatchStack indicates the fix is in version 3.7, with exploitation deemed unli...
WordPress Plugin Sign-up Sheets Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
PT-2023-26405 · Taboola · Taboola
Name of the Vulnerable Software and Affected Versions: Taboola plugin versions = 2.0.1 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that t...
Cookie Monster <= 1.51 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-4915 WP User Control <= 1.5.3 - Insecure Password Reset Mechanism
The WP User Control plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 1.5.3. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function in the WP User Control Widget. The functi...
PT-2023-31069 · WordPress · Wp User Control
Name of the Vulnerable Software and Affected Versions: WP User Control plugin for WordPress versions up to, and including 1.5.3 Description: The issue arises from the plugin's use of native password reset functionality with insufficient validation on the password reset function in the WP User...
Woo Custom Emails <= 2.2 - Reflected XSS
Description The plugin does not sanitise and escape the wcemailsedit parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-40552
CVE-2023-40552 affects the WordPress Fitness calculators plugin (versions <= 2.0.7; PatchStack lists vulnerability in
PT-2023-26242 · WordPress · Dharmesh Patel Post List With Featured Image
Name of the Vulnerable Software and Affected Versions: Dharmesh Patel Post List With Featured Image plugin versions 1.2 and earlier Description: The issue is an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into a website,...
WordPress plugin Slimstat Analytics Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A cross-site scripting vulnerability exists...
CVE-2023-31076 WordPress Recipe Maker For Your Food Blog from Zip Recipes Plugin <= 8.0.6 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Really Simple Plugins Recipe Maker For Your Food Blog from Zip Recipes plugin = 8.0.6 versions...
Custom Field Template < 2.6 - Reflected Cross-Site Scripting
Description The plugin does not sanitise and escape the posttype parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...