366 matches found
PT-2023-19879 · WordPress · Utahta Wp Social Bookmarking Light
Name of the Vulnerable Software and Affected Versions: utahta WP Social Bookmarking Light plugin versions 2.0.7 and earlier Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintende...
PT-2023-19357 · Unknown · Theonlinehero - Tom Skroza Admin Block Country
Name of the Vulnerable Software and Affected Versions: TheOnlineHero - Tom Skroza Admin Block Country plugin versions prior to 7.1.5 Description: A Cross-Site Request Forgery (CSRF) issue has been identified. This type of issue allows an attacker to trick a user into performing unintended actions o...
PT-2023-15183 · German Krutov · Login/Registration Attempts Limit
Name of the Vulnerable Software and Affected Versions: German Krutov LOGIN AND REGISTRATION ATTEMPTS LIMIT plugin versions = 2.1 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing...
PT-2023-15219 · WordPress · Wp Easy Pay Wp Easypay – Square
Name of the Vulnerable Software and Affected Versions: WP Easy Pay WP EasyPay – Square for WordPress plugin versions = 4.1 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended...
PT-2023-19902 · WordPress · Slickremix Feed Them Social
Name of the Vulnerable Software and Affected Versions: SlickRemix Feed Them Social plugin versions = 3.0.2 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a we...
PT-2023-18657 · Supsystic · Supsystic Coming Soon
Name of the Vulnerable Software and Affected Versions: Supsystic Coming Soon by Supsystic plugin versions = 1.7.10 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker can trick a user into performing unintended actions on a web application that the us...
GHSA-3XF9-PGC2-MR9C Jenkins SAML Single Sign On(SSO) Plugin missing permission checks
Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier does not perform permission checks in multiple HTTP endpoints. This allows attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins...
PT-2023-19106 · Richard Leishman · Webforward Mail Subscribe List Plugin
Name of the Vulnerable Software and Affected Versions: Richard Leishman t/a Webforward Mail Subscribe List plugin versions 2.1.9 and earlier Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that affects the Richard Leishman t/a Webforward Mail Subscribe List...
WordPress Plugin "VK Blocks" and "VK All in One Expansion Unit" vulnerable to cross-site scripting
Overview WordPress Plugin "VK Blocks" and "VK All in One Expansion Unit" provided by Vektor, Inc. contain multiple cross-site scripting vulnerabilities (CWE-79) listed below. Cross-site scripting vulnerability in Tag edit function - CVE-2023-27923 Cross-site scripting vulnerability in Post function ...
PT-2023-19169 · WordPress · Joel James Lazy Social Comments
Name of the Vulnerable Software and Affected Versions: Joel James Lazy Social Comments plugin versions = 2.0.4 Description: The issue is related to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. This means that an attacker with admin access can inject malicious scripts into the...
PT-2023-15089 · WordPress · Umair Saleem Woocommerce Custom Checkout Fields Editor With Drag & Drop
Name of the Vulnerable Software and Affected Versions: Umair Saleem Woocommerce Custom Checkout Fields Editor With Drag & Drop plugin versions = 0.1 Description: The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This allows for malicious scripts to be injected...
PT-2023-19168 · Unknown · Joel James Disqus Conditional Load
Name of the Vulnerable Software and Affected Versions: Joel James Disqus Conditional Load plugin versions 11.0.6 and earlier Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. Recommendations: For Joel James...
PT-2023-16515 · WordPress · Avirato Hotels Online Booking Engine
Name of the Vulnerable Software and Affected Versions: Avirato hotels online booking engine WordPress plugin versions 5.0.5 and earlier Description: The issue concerns a lack of validation and escaping of certain shortcode attributes, which are then used in SQL statements. This could allow...
PT-2023-18653 · Woocommerce · Chilidevs Return/Warranty Management System
Name of the Vulnerable Software and Affected Versions: chilidevs Return and Warranty Management System for WooCommerce plugin versions 1.2.3 and earlier Description: The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This vulnerability can be exploited without...
PT-2023-20698 · WordPress · Alex Benfica Publish To Schedule
Name of the Vulnerable Software and Affected Versions: Alex Benfica Publish to Schedule plugin versions 4.5.4 and earlier Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. Recommendations: For versions 4.5.4 a...
PT-2023-20428 · WordPress · Tauhidul Alam Simple Portfolio Gallery
Name of the Vulnerable Software and Affected Versions: Tauhidul Alam Simple Portfolio Gallery plugin versions = 0.1 Description: The issue is related to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. This means that an attacker with admin access can inject malicious scripts into...
PT-2023-20300 · WordPress · Alex Moss Firecask Like & Share Button
Name of the Vulnerable Software and Affected Versions: Alex Moss FireCask Like & Share Button plugin versions 1.1.5 and earlier Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. Recommendations: For Alex Moss...
PT-2023-17156 · WordPress · Seopress
Name of the Vulnerable Software and Affected Versions: SEOPress WordPress plugin versions prior to 6.5.0.3 Description: The issue allows high-privilege users, such as admins, to perform PHP Object Injection when a suitable gadget is present, due to the unserialize of user input provided via the...
PT-2023-14777 · Unknown · Denis 微信机器人高级版
Name of the Vulnerable Software and Affected Versions: Denis 微信机器人高级版 plugin versions = 6.0.1 Description: The issue is a Reflected Cross-Site Scripting (XSS) vulnerability. This means an attacker can inject malicious scripts into a website, which will then be executed by the user's browser...
PT-2023-20308 · Unknown · Link Juice Keeper
Name of the Vulnerable Software and Affected Versions: Link Juice Keeper plugin versions prior to 2.0.3 Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin or higher privileges. Recommendations: For versions prior to 2.0.3,...