PT-2024-20238 · WordPress · Better Comments
Name of the Vulnerable Software and Affected Versions: Better Comments WordPress plugin versions prior to 1.5.6
Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed, for example, ...
PT-2024-22401 · WordPress · Social Share
Name of the Vulnerable Software and Affected Versions: The Social Share, Social Login and Social Comments Plugin versions prior to 7.13.64
Description: The issue concerns the WordPress plugin The Social Share, Social Login and Social Comments Plugin, where some settings are not properly sanitized...
PT-2024-18271 · WordPress · Testimonial Slider
Name of the Vulnerable Software and Affected Versions: Testimonial Slider WordPress plugin versions prior to 2.3.8
Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed, for exampl...
PT-2024-18278 · WordPress · Nps Computy WordPress Plugin
Name of the Vulnerable Software and Affected Versions: NPS computy WordPress plugin versions 2.7.5 and earlier
Description: The issue concerns the lack of CSRF checks in certain areas of the plugin, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks...
PT-2024-31154 · WordPress · Learnpress
Name of the Vulnerable Software and Affected Versions: LearnPress – WordPress LMS Plugin plugin for WordPress versions up to, and including, 4.2.6.5
Description: The issue is due to missing checks in the create account function in the checkout, making it possible for unauthenticated attackers to...
PT-2024-17997 · WordPress · Wp-Stateless
Name of the Vulnerable Software and Affected Versions: WP-Stateless – Google Cloud Storage plugin for WordPress versions up to, and including, 3.4.0
Description: The issue is related to a missing capability check on the dismiss notices function, which allows authenticated attackers with...
Multiple vulnerabilities in WordPress Plugin "Survey Maker"
Overview: WordPress Plugin "Survey Maker" provided by AYS Pro Plugins contains multiple vulnerabilities listed below.
Stored cross-site scripting (CWE-79) - CVE-2023-34423
Insufficient verification of data authenticity (CWE-345) - CVE-2023-35764
Atsuya Yoda of GMO Cybersecurity by Ierae, Inc. reported...
PT-2024-15475 · WordPress · Travelpayouts: All Travel Brands In One Place
Name of the Vulnerable Software and Affected Versions: Travelpayouts: All Travel Brands in One Place WordPress plugin versions 1.1.15 and earlier
Description: The issue is related to insufficient validation on the travelpayouts redirect variable, making it possible for unauthenticated attackers t...
Code injection
Mattermost version 8.1.x before 8.1.9 fails to sanitize data associated with permalinks when a plugin updates an ephemeral post, allowing an authenticated attacker who can control the ephemeral post update to access individual posts' contents in channels they are not a member of...
PT-2024-15219 · WordPress · Persian Fonts WordPress Plugin
Name of the Vulnerable Software and Affected Versions: Persian Fonts WordPress plugin versions 1.6 and earlier
Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed, for example, i...
PT-2023-30622 · Unknown · Bamboo Mcr Bamboo Columns Plugin
Name of the Vulnerable Software and Affected Versions: Bamboo Mcr Bamboo Columns plugin versions <= 1.6.1
Description: The issue is related to improper neutralization of input during web page generation, which can lead to Cross-site Scripting.
Recommendations: For Bamboo Mcr Bamboo Columns plugin...
PT-2023-22732 · Magepeople Team · Wpbusticketly
Name of the Vulnerable Software and Affected Versions: MagePeople Team WpBusTicketly plugin versions prior to 5.2.6
Description: The issue is related to improper neutralization of input during web page generation, which can lead to Cross-site Scripting.
Recommendations: For versions prior to 5.2....
PT-2023-20411 · Unknown · Wattisit Paygreen
Name of the Vulnerable Software and Affected Versions: WattIsIt PayGreen – Ancienne version plugin versions <= 4.10.2
Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actio...
PT-2023-30625 · WordPress · Venutius Bp Profile Shortcodes Extra
Name of the Vulnerable Software and Affected Versions: Venutius BP Profile Shortcodes Extra plugin versions <= 2.5.2
Description: The issue is related to an Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting'. This allows for potentially malicious...
PT-2023-23847 · Unknown · Himanshu Parashar Google Site Verification Plugin Using Meta Tag
Name of the Vulnerable Software and Affected Versions: Himanshu Parashar Google Site Verification plugin using Meta Tag versions 1.2 and earlier
Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing...
PT-2023-30388 · Marco Milesi · Anac Xml Viewer Plugin
Name of the Vulnerable Software and Affected Versions: Marco Milesi ANAC XML Viewer plugin versions <= 1.7
Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges.
Recommendations: For Marco Milesi ANAC XML Viewer...
PT-2023-30484 · Codebard · Patron Button/Widgets For Patreon
Name of the Vulnerable Software and Affected Versions: CodeBard's Patron Button and Widgets for Patreon plugin versions <= 2.1.9
Description: The issue is related to an Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability. This vulnerability requires PHP 8.x.
Recommendations: For CodeBard's...
PT-2023-30534 · Cedcommerce · Cedcommerce Recently Viewed/Most Viewed Products Plugin
Name of the Vulnerable Software and Affected Versions: CedCommerce Recently viewed and most viewed products plugin versions prior to 1.1.1
Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability. It affects users with Auth Shop Manager+ permissions.
Recommendations: F...
PT-2023-30496 · Unknown · Walter Pinem Oneclick Chat To Order
Name of the Vulnerable Software and Affected Versions: Walter Pinem OneClick Chat to Order plugin versions 1.0.4.2 and earlier
Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin or higher privileges.
Recommendations: For...
PT-2023-30478 · WordPress · Sendpress Newsletters
Name of the Vulnerable Software and Affected Versions: SendPress Newsletters plugin versions <= 1.23.11.6
Description: The issue is related to an Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing...