WordPress plugin Booster for WooCommerce cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2023-45632

Unauth. Reflected Cross-Site Scripting XSS vulnerability in WebDorado SpiderVPlayer plugin = 1.5.22 versions...

CVE-2023-45608

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Nicola Modugno Smart Cookie Kit plugin = 2.3.1 versions...

CVE-2023-45070

Unauth. Reflected Cross-Site Scripting XSS vulnerability in 10Web Form Builder Team Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin = 1.15.18 versions...

CVE-2023-45056

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in 100plugins Open User Map plugin = 1.3.26 versions...

CVE-2023-45054

Unauth. Reflected Cross-Site Scripting XSS vulnerability in AWESOME TOGI Product Category Tree plugin = 2.5 versions...

CVE-2023-45062 WordPress Download canvasio3D Light Plugin <= 2.4.6 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Thomas Scholl canvasio3D Light plugin = 2.4.6 versions...

PT-2023-32055 · WordPress · Avirtum Ipanorama 360 Wordpress Virtual Tour Builder

Name of the Vulnerable Software and Affected Versions: iPanorama 360 – WordPress Virtual Tour Builder plugin versions up to, and including, 1.8.0 Description: The issue is related to SQL Injection via the plugin's shortcode due to insufficient escaping on the user supplied parameter and lack of...

CVE-2023-4725

The Simple Posts Ticker WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2023-4290

The WP Matterport Shortcode WordPress plugin before 2.1.7 does not escape the PHPSELF server variable when outputting it in attributes, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin...

WordPress plugin WordPress Online Booking and Scheduling Plugin SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

CVE-2023-32124

Cross-Site Request Forgery CSRF vulnerability in Arul Prasad J Publish Confirm Message plugin = 1.3.1 versions...

CVE-2023-45063

Cross-Site Request Forgery CSRF vulnerability in ReCorp AI Content Writing Assistant Content Writer, GPT 3 & 4, ChatGPT, Image Generator All in One plugin = 1.1.5 versions...

CVE-2023-23737

Unauth. SQL Injection SQLi vulnerability in MainWP MainWP Broken Links Checker Extension plugin = 4.0 versions...

CVE-2023-41853

Cross-Site Request Forgery CSRF vulnerability in WP iCal Availability plugin = 1.0.3 versions...

CVE-2023-44145

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in jesweb.Dev Anchor Episodes Index Spotify for Podcasters plugin = 2.1.7 versions...

CVE-2023-41856

Unauth. Reflected Cross-Site Scripting XSS vulnerability in ClickToTweet.Com Click To Tweet plugin = 2.0.14 versions...

CVE-2023-41666

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Stockdio Stock Quotes List plugin = 2.9.9 versions...

CVE-2023-41861

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Restrict plugin = 2.2.4 versions...

CVE-2023-28790

Auth. editor+ Stored Cross-Site Scripting XSS vulnerability in Brett Shumaker Simple Staff List plugin = 2.2.3 versions...