PT-2023-27866 · Unknown · Buildfail Localize Remote Images
Name of the Vulnerable Software and Affected Versions: Buildfail Localize Remote Images plugin versions 1.0.9 and earlier Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended...
PT-2023-26235 · Unknown · Mike Perelink Pro
Name of the Vulnerable Software and Affected Versions: Mike Perelink Pro plugin versions = 2.1.4 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker can trick a user into performing unintended actions on a web application that the user is authenticate...
PT-2023-21124 · Unknown · Sami Ahmed Siddiqui Http Auth Plugin
Name of the Vulnerable Software and Affected Versions: Sami Ahmed Siddiqui HTTP Auth plugin versions 0.3.2 and earlier Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended...
PT-2023-28124 · WordPress · Ashok Rane Order Delivery Date For Wp E-Commerce
Name of the Vulnerable Software and Affected Versions: Ashok Rane Order Delivery Date for WP e-Commerce plugin versions prior to 1.3 Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin or higher privileges. Recommendations:...
PT-2023-29176 · Unknown · Riyaz Social Metrics
Name of the Vulnerable Software and Affected Versions: Riyaz Social Metrics plugin versions prior to 2.3 Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. Recommendations: For versions prior to 2.3, update to...
PT-2023-29179 · WordPress · Jewel Theme Wp Adminify
Name of the Vulnerable Software and Affected Versions: Jewel Theme WP Adminify plugin versions 3.1.6 and earlier Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. There is no information provided about the...
PT-2023-29169 · Unknown · Leap Contractor Contact Form Website To Workflow Tool
Name of the Vulnerable Software and Affected Versions: Leap Contractor Contact Form Website to Workflow Tool plugin versions prior to 4.0.0 Description: The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This allows for malicious scripts to be injected into a...
PT-2023-28047 · Unknown · Irina Sokolovskaya Goods Catalog
Name of the Vulnerable Software and Affected Versions: Irina Sokolovskaya Goods Catalog plugin versions = 2.4.1 Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability. It affects versions of the Irina Sokolovskaya Goods Catalog plugin where authentication as a...
PT-2023-28029 · WordPress · I Thirteen Web Solution Photo Gallery Slideshow & Masonry Tiled Gallery
Name of the Vulnerable Software and Affected Versions: I Thirteen Web Solution Photo Gallery Slideshow & Masonry Tiled Gallery plugin versions = 1.0.13 Description: The issue is an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts...
PT-2023-21261 · Unknown · Abel Ruiz Guruwalk Affiliates Plugin
Name of the Vulnerable Software and Affected Versions: Abel Ruiz GuruWalk Affiliates plugin versions 1.0.0 and earlier Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that affects authenticated administrators. This type of vulnerability allows an attacker to...
WordPress Block Plugin Update Plugin <= 3.3.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Block Plugin Update. Type: Plugin. Vulnerable versions: <= 3.3.1. Fixed in: 3.3.2. OWASP Top 10: A5: Broken Access Control. Classification: Cross Site Request Forgery (CSRF). CVE: CVE-2023-44261. Patch priority: Low. CVSS severity: Low (4.3). PSID: f0f21aec1564. Credits: Abdi Pranata...
PT-2023-28134 · Tyche Softwares · Order Delivery Date For Woocommerce
Name of the Vulnerable Software and Affected Versions: Tyche Softwares Order Delivery Date for WooCommerce plugin versions = 3.20.0 Description: The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This allows for malicious scripts to be injected into a website,...
PT-2023-27194 · Std.Cloud · Wxsync Plugin
Name of the Vulnerable Software and Affected Versions: std.Cloud WxSync plugin versions <= 2.7.23 Description: A Stored Cross-Site Scripting (XSS) vulnerability exists, allowing authenticated contributors to inject malicious scripts. The issue affects versions of the WxSync plugin up to and includin...
PT-2023-23612 · Unknown · Pexle Chris Library Viewer
Name of the Vulnerable Software and Affected Versions: Pexle Chris Library Viewer plugin versions 2.0.6 and earlier Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that affects authenticated users with contributor or higher permissions. This vulnerability allo...
PT-2023-19008 · WordPress · Chp Ads Block Detector
Name of the Vulnerable Software and Affected Versions: CHP Ads Block Detector plugin for WordPress versions up to, and including, 3.9.4 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the chp abd action function. This allows...
PT-2023-24723 · WordPress · Bhavik Patel Woocommerce Order Address Print Plugin
Name of the Vulnerable Software and Affected Versions: Bhavik Patel Woocommerce Order address Print plugin versions = 3.2 Description: The issue is an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This allows for malicious scripts to be injected into the website, potentially leading t...
PT-2023-23618 · WordPress · Ignazio Scimone Albo Pretorio On Line
Name of the Vulnerable Software and Affected Versions: Ignazio Scimone Albo Pretorio On line plugin versions = 4.6.3 Description: The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into the website,...
PT-2023-23619 · Unknown · Ignazio Scimone Albo Pretorio On Line
Name of the Vulnerable Software and Affected Versions: Ignazio Scimone Albo Pretorio On line plugin versions = 4.6.3 Description: The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website, potential...
PT-2023-23249 · Creativemindssolutions · Cm On Demand Search/Replace
Name of the Vulnerable Software and Affected Versions: CreativeMindsSolutions CM On Demand Search And Replace plugin versions prior to 1.3.0 Description: The issue is related to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. This means that an attacker with admin+ privileges can...
PT-2023-21909 · WordPress · Balasaheb Bhise Advanced Youtube Channel Pagination
Name of the Vulnerable Software and Affected Versions: Balasaheb Bhise Advanced Youtube Channel Pagination plugin version 1.0 and earlier Description: The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This vulnerability allows for the injection of malicious...