1698 matches found
CVE-2023-45102
Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Blog Manager Light plugin <= 1.20 versions...
CVE-2023-41933
Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2023-47190
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Apollo13Themes Apollo13 Framework Extensions plugin <= 1.9.0 versions...
CVE-2023-34006
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Milesi Telegram Bot & Channel plugin <= 3.6.2 versions...
CVE-2023-45602
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Shopfiles Ltd Ebook Store plugin <= 5.785 versions...
CVE-2023-28993
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On Line plugin <= 4.6.1 versions...
CVE-2023-44245
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Leap Contractor Contact Form Website to Workflow Tool plugin <= 4.0.0 versions...
CVE-2023-27417
Cross-Site Request Forgery (CSRF) vulnerability in Timo Reith Affiliate Super Assistent plugin <= 1.5.1 versions...
CVE-2023-26539
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Max Chirkov Advanced Text Widget plugin <= 2.1.2 versions...
CVE-2023-23732
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joel James Disqus Conditional Load plugin <= 11.0.6 versions...
CVE-2023-0644
The Push Notifications for WordPress by PushAssist WordPress plugin through 3.0.8 does not sanitise and escape various parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-1025
The Simple File List WordPress plugin before 6.0.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2023-0274
The URL Params WordPress plugin before 2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-23827
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Google Maps v3 Shortcode plugin <= 1.2.1 versions...
CVE-2023-23733
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joel James Lazy Social Comments plugin <= 2.0.4 versions...
CVE-2023-23727
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Formilla Live Chat by Formilla plugin <= 1.3 versions...
CVE-2023-23660
Auth. (subscriber+) SQL Injection (SQLi) vulnerability in MainWP MainWP Maintenance Extension plugin <= 4.1.1 versions...
CVE-2023-32496
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bill Minozzi Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin <= 7.31 versions...
CVE-2023-27414
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Popup Box Team Popup box plugin <= 3.4.4 versions...
CVE-2023-34005
Cross-Site Request Forgery (CSRF) vulnerability in Etoile Web Design Front End Users plugin <= 3.2.24 versions...