PT-2023-21123 · WordPress · Wpgrim Classic Editor/Classic Widgets
Name of the Vulnerable Software and Affected Versions: WPGrim Classic Editor and Classic Widgets plugin versions 1.2.5 and earlier Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing...
PT-2023-20695 · WordPress · Wpindeed Debug Assistant
Name of the Vulnerable Software and Affected Versions: WPIndeed Debug Assistant plugin versions 1.4 and earlier Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker could potentially trick a user into performing unintended actions on a web...
PT-2023-22041 · Unknown · Robin Phillips Mobile Banner
Name of the Vulnerable Software and Affected Versions: Robin Phillips Mobile Banner plugin versions 1.5 and earlier Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended action...
PT-2023-21851 · Unknown · Marios Alexandrou Enhanced Plugin Admin
Name of the Vulnerable Software and Affected Versions: Marios Alexandrou Enhanced Plugin Admin plugin versions = 1.16 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended...
PT-2023-21249 · WordPress · Audrasjb Reusable Blocks Extended
Name of the Vulnerable Software and Affected Versions: audrasjb Reusable Blocks Extended plugin versions 0.9 and earlier Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended...
PT-2023-23886 · WordPress · Designs & Code Forget About Shortcode Buttons
Name of the Vulnerable Software and Affected Versions: Designs & Code Forget About Shortcode Buttons plugin versions = 2.1.2 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions ...
PT-2023-24649 · WordPress · Malinky Ajax Pagination/Infinite Scroll
Name of the Vulnerable Software and Affected Versions: Malinky Ajax Pagination and Infinite Scroll plugin versions = 2.0.1 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker can trick a user into performing unintended actions on a web application tha...
PT-2023-20400 · Unknown · Frédéric Sheedy Etsy Shop
Name of the Vulnerable Software and Affected Versions: Frédéric Sheedy Etsy Shop plugin versions = 3.0.3 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker could potentially trick a user into performing unintended actions on the web...
PT-2023-24707 · Sakura Internet Inc. · Ts Webfonts For さくらのレンタルサーバ
Name of the Vulnerable Software and Affected Versions: SAKURA Internet Inc. TS Webfonts for さくらのレンタルサーバ plugin versions = 3.1.2 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing...
PT-2023-23891 · WordPress · Wp Reactions Lite
Name of the Vulnerable Software and Affected Versions: WP Reactions Lite plugin versions 1.3.8 and earlier Description: A Cross-Site Request Forgery (CSRF) issue affects the WP Reactions Lite plugin. This allows an attacker to perform unintended actions on a user's behalf. Recommendations: For WP...
PT-2023-24640 · WordPress · Wps Hide Login
Name of the Vulnerable Software and Affected Versions: LWS Hide Login plugin versions = 2.1.6 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application...
PT-2023-30375 · WordPress · Vyas Dipen Top 25 Social Icons
Name of the Vulnerable Software and Affected Versions: Vyas Dipen Top 25 Social Icons plugin versions = 3.1 Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability. It affects users with contributor or higher permissions. There is no information provided about the...
PT-2023-30378 · WordPress · Bainternet Shortcodes Ui
Name of the Vulnerable Software and Affected Versions: Bainternet ShortCodes UI plugin versions 1.9.8 and earlier Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability. It affects users with contributor or higher permissions. There is no information provided about t...
PT-2023-30372 · WordPress · I Thirteen Web Solution Post Sliders & Post Grids
Name of the Vulnerable Software and Affected Versions: I Thirteen Web Solution Post Sliders & Post Grids plugin versions = 1.0.20 Description: The issue is related to an Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability. This means that an attacker with administrative access can...
PT-2023-32282 · WordPress · Wd Widgettwitter
Name of the Vulnerable Software and Affected Versions: WD WidgetTwitter plugin for WordPress versions up to, and including, 1.0.9 Description: The issue arises from insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the plugin's...
PT-2023-32454 · WordPress · Imagemapper
Name of the Vulnerable Software and Affected Versions: ImageMapper plugin for WordPress versions up to, and including, 1.2.6 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on multiple functions. This allows unauthenticated attackers to...
CVE-2023-5360
The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE. Recent assessments: jheysel-r7 at November 29, 2023 9:40pm UTC reported: The Royal...
PT-2023-29895 · Unknown · Eric Teubert Archivist – Custom Archive Templates
Name of the Vulnerable Software and Affected Versions: Eric Teubert Archivist – Custom Archive Templates plugin versions 1.7.5 and earlier Description: The issue is an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website...
PT-2023-29832 · Lavacode · Lavacode Lava Directory Manager
Name of the Vulnerable Software and Affected Versions: Lavacode Lava Directory Manager plugin versions = 1.1.34 Description: The issue is related to an Unauth. Stored Cross-Site Scripting (XSS) vulnerability. This allows for the storage of malicious scripts that can be executed by other users,...
PT-2023-29720 · Unknown · Leadsquared Suite
Name of the Vulnerable Software and Affected Versions: LeadSquared Suite plugin versions 0.7.4 and earlier Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that affects authenticated administrators. This vulnerability allows for malicious scripts to be stored o...