WordPress plugin Pingmeter Uptime Monitoring 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress kk Star Ratings plugin <= 5.4.10 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by mikemyers in WordPress Plugin kk Star Ratings versions = 5.4.10...

CVE-2024-11297

The Page Restriction WordPress WP – Protect WP Pages/Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.6 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from pos...

WordPress plugin Category Post Slider 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin WPLMS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress Taeggie Feed plugin <= 0.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by theviper17y in WordPress Plugin Taeggie Feed versions = 0.1.9...

CVE-2024-54409 WordPress XPD Reduce Image Filesize plugin <= 1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in fzmaster @ XPD XPD Reduce Image Filesize allows Stored XSS.This issue affects XPD Reduce Image Filesize: from n/a through 1.0...

CVE-2024-54413 WordPress Display Future Posts plugin <= 0.2.3 - CSRF to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery CSRF vulnerability in Stefan Brandt Display Future Posts allows Stored XSS.This issue affects Display Future Posts: from n/a through 0.2.3...

CVE-2024-54430 WordPress EELV Newsletter plugin <= 4.8.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Europe Ecologie Les Verts EELV Newsletter eelv-newsletter allows Cross Site Request Forgery.This issue affects EELV Newsletter: from n/a through = 4.8.2...

CVE-2024-54431

CVE-2024-54431 is a CSRF-to-Stored-XSS vulnerability in the Admin Customization plugin for Admin Customization: from n/a through 2.2. The issue, described in connected documents as a Cross-Site Request Forgery vulnerability that enables Stored XSS, affects the Admin Customization plugin before or...

CVE-2024-54431 WordPress Admin Customization plugin <= 2.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in phpdevp Admin Customization wpp-customization allows Stored XSS.This issue affects Admin Customization: from n/a through = 2.2...

CVE-2024-54433

CVE-2024-54433 describes a CSRF vulnerability in the Simple Booking Widget that can lead to stored XSS. Affected software is Simple Booking Widget (version range from n/a through 1.1). Connected sources confirm the issue and indicate patch status as Unpatched; no public exploitation status is pro...

CVE-2024-54439

CVE-2024-54439 is a CSRF to Stored XSS vulnerability in the Amazon Product Price WordPress plugin. Affected software: Amazon Product Price (WordPress). Reported issue links indicate CSRF could trigger Stored XSS, enabling execution of arbitrary scripts in victim sessions. CVSSv3.1 base score 7.1 ...

WordPress plugin Zita Site Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-17590 · WordPress · Import Eventbrite Events

Name of the Vulnerable Software and Affected Versions: Import Eventbrite Events plugin for WordPress versions up to, and including, 1.7.4 Description: The issue is related to Reflected Cross-Site Scripting via the page parameter due to insufficient input sanitization and output escaping. This...

CVE-2024-54234 WordPress Limit Login Attempts plugin <= 5.5 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in wp-buy Limit Login Attempts wp-limit-failed-login-attempts allows SQL Injection.This issue affects Limit Login Attempts: from n/a through = 5.5...

CVE-2023-40203 WordPress MailChimp Forms by MailMunch plugin <= 3.1.4 - Broken Access Control

Missing Authorization vulnerability in MailMunch MailChimp Forms by MailMunch allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MailChimp Forms by MailMunch: from n/a through 3.1.4...

CVE-2023-39995

CVE-2023-39995 relates to WordPress Portfolio and Projects plugin (versions

CVE-2022-46838

CVE-2022-46838 affects the WordPress plugin JS Help Desk – Best Help Desk & Support Plugin, versions prior to 2.7.1. The issue is a Missing Authorization vulnerability due to an incorrectly configured access control security level, enabling unauthenticated users to perform settings changes. Impac...

WordPress plugin WP Directory Kit 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...