1698 matches found
PT-2023-19221 · Qumos · Qumos Mojoplug Slide Panel Plugin
Name of the Vulnerable Software and Affected Versions: Qumos MojoPlug Slide Panel plugin versions prior to 1.1.3 Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin or higher privileges. Recommendations: For Qumos MojoPlug...
CVE-2023-27443
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Grant Kimball Simple Vimeo Shortcode plugin <= 2.9.1 versions...
CVE-2022-47586
Unauth. SQL Injection (SQLi) vulnerability in Themefic Ultimate Addons for Contact Form 7 plugin <= 3.1.23 versions...
WordPress Plugin AI ChatBot Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
PT-2023-21181 · WordPress · Upload Resume Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: Upload Resume WordPress plugin versions 1.2.0 and earlier Description: The issue allows unauthenticated visitors to upload arbitrary media files to the site due to a lack of validation of the captcha parameter when uploading a resume via the...
CVE-2023-26013
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WPChill Strong Testimonials plugin <= 3.0.2 versions...
PT-2023-25164 · Jenkins · Jenkins Sonargraph Integration Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Sonargraph Integration Plugin versions 5.0.1 and earlier Description: The issue is related to a stored cross-site scripting vulnerability. It occurs because the file path and the project name for the Log file field form validation are...
CVE-2023-31236
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in unFocus Projects Scripts n Styles plugin <= 3.5.7 versions...
CVE-2021-4343
The Unauthenticated Account Creation plugin for WordPress is vulnerable to Unauthenticated Account Creation in versions up to, and including, 1.6.6. This is due to the stmlistingregister AJAX action function being accessible and taking roles unprotected. This makes it possible for unauthenticated...
PT-2023-12447 · WordPress · Unauthenticated Account Creation
Name of the Vulnerable Software and Affected Versions: Unauthenticated Account Creation plugin for WordPress versions up to, and including, 1.6.6 Description: The issue allows unauthenticated attackers to create accounts, including those with administrator privileges, due to the stm listing...
WordPress plugin VK Blocks Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2022-4676
The OSM WordPress plugin through 6.01 does not validate and escape some of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...
CVE-2023-27613
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MonitorClick Forms Ada – Form Builder plugin <= 1.0 versions...
CVE-2023-33315
Cross-Site Request Forgery (CSRF) vulnerability in Stephen Darlington, Wandle Software Limited Smart App Banner plugin <= 1.1.2 versions...
CVE-2023-25976
Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 and Zoho CRM, Bigin plugin <= 1.2.2 versions...
CVE-2023-25781
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sebastian Krysmanski Upload File Type Settings plugin <= 1.1 versions...
PT-2023-22146 · Artistscope · Artistscope Copysafe Web Protection
Name of the Vulnerable Software and Affected Versions: ArtistScope CopySafe Web Protection plugin versions <= 3.13 Description: The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website, potentially...
CVE-2022-38356
Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes WordPress Header Builder Plugin – Pearl plugin <= 1.3.4 versions...
WordPress plugin CoSchedule Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
PT-2023-15076 · WordPress · Brainstorm Force Starter Templates
Name of the Vulnerable Software and Affected Versions: Brainstorm Force Starter Templates plugin versions <= 3.1.20 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions...