
1726 matches found

Positive Technologies
added 2023/10/27 12:0 a.m. · 3 views

PT-2023-32354 · WordPress · Thumbnail Carousel Slider Plugin

Name of the Vulnerable Software and Affected Versions: Thumbnail carousel slider plugin for WordPress version 1.0
Description: The issue is due to missing nonce validation on the deleteselected function, making it possible for unauthenticated attackers to delete sliders in bulk via a forged reque...

6.5 CVSS · 6.8 AI score · 0.00276 EPSS
Exploits 0 · References 8

OSV
added 2023/10/25 6:17 p.m. · 2 views

CVE-2023-45759

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Peter Keung Peter’s Custom Anti-Spam plugin = 3.2.2 versions...

6.1 CVSS · 7.3 AI score · 0.00437 EPSS
Exploits 0 · References 1

OSV
added 2023/10/25 6:17 p.m. · 1 views

CVE-2023-45758

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Milesi Amministrazione Trasparente plugin = 8.0.2 versions...

4.8 CVSS · 7.3 AI score · 0.00418 EPSS
Exploits 0 · References 1

OSV
added 2023/10/25 6:17 p.m. · 1 views

CVE-2023-45768

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Stephanie Leary Next Page plugin = 1.5.2 versions...

4.8 CVSS · 7.3 AI score
Exploits 0 · References 1

OSV
added 2023/10/25 6:17 p.m. · 4 views

CVE-2023-45767

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wokamoto Simple Tweet plugin = 1.4.0.2 versions...

4.8 CVSS · 7.3 AI score · 0.00409 EPSS
Exploits 0 · References 1

OSV
added 2023/10/25 6:17 p.m. · 1 views

CVE-2023-45646

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Henryholtgeerts PDF Block plugin = 1.1.0 versions...

5.4 CVSS · 7.3 AI score
Exploits 0 · References 1

Positive Technologies
added 2023/10/24 12:0 a.m. · 23 views

PT-2023-29722 · Libsyn · Libsyn Publisher Hub

Name of the Vulnerable Software and Affected Versions: Libsyn Libsyn Publisher Hub plugin versions 1.4.4 and earlier
Description: The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This type of vulnerability allows an attacker to inject malicious scripts into a...

7.1 CVSS · 6 AI score · 0.00437 EPSS
Exploits 0 · References 4

Positive Technologies
added 2023/10/24 12:0 a.m. · 3 views

PT-2023-29670 · WordPress · Easy Testimonial Slider/Form

Name of the Vulnerable Software and Affected Versions: Easy Testimonial Slider and Form versions 1.0.18 and earlier
Description: The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting (XSS). This means that an attacker can...

5.9 CVSS · 5.7 AI score · 0.00418 EPSS
Exploits 0 · References 5

CNNVD
added 2023/10/19 12:0 a.m. · 21 views

WordPress plugin Booster for WooCommerce cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

6.4 CVSS · 6.7 AI score · 0.00478 EPSS
Exploits 0 · References 5

OSV
added 2023/10/18 2:15 p.m. · 1 views

CVE-2023-45632

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WebDorado SpiderVPlayer plugin = 1.5.22 versions...

6.1 CVSS · 7.3 AI score
Exploits 0 · References 1

OSV
added 2023/10/18 1:15 p.m. · 2 views

CVE-2023-45608

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Nicola Modugno Smart Cookie Kit plugin = 2.3.1 versions...

5.4 CVSS · 7.3 AI score · 0.0031 EPSS
Exploits 0 · References 1

OSV
added 2023/10/18 1:15 p.m. · 1 views

CVE-2023-45070

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 10Web Form Builder Team Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin = 1.15.18 versions...

6.1 CVSS · 7.3 AI score · 0.00354 EPSS
Exploits 0 · References 1

OSV
added 2023/10/18 9:15 a.m. · 4 views

CVE-2023-45056

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 100plugins Open User Map plugin = 1.3.26 versions...

4.8 CVSS · 7.3 AI score
Exploits 0 · References 1

OSV
added 2023/10/18 9:15 a.m. · 1 views

CVE-2023-45054

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AWESOME TOGI Product Category Tree plugin = 2.5 versions...

6.1 CVSS · 5.8 AI score · 0.00331 EPSS
Exploits 0 · References 1

Cvelist
added 2023/10/18 8:39 a.m. · 16 views

CVE-2023-45062 WordPress Download canvasio3D Light Plugin <= 2.4.6 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Thomas Scholl canvasio3D Light plugin <= 2.4.6 versions...

7.1 CVSS · 6.3 AI score · 0.00331 EPSS
Exploits 0 · References 1

Positive Technologies
added 2023/10/18 12:0 a.m. · 2 views

PT-2023-32055 · WordPress · Avirtum Ipanorama 360 Wordpress Virtual Tour Builder

Name of the Vulnerable Software and Affected Versions: iPanorama 360 – WordPress Virtual Tour Builder plugin versions up to, and including, 1.8.0
Description: The issue is related to SQL Injection via the plugin's shortcode due to insufficient escaping on the user supplied parameter and lack of...

8.8 CVSS · 7 AI score · 0.00618 EPSS
Exploits 0 · References 8

OSV
added 2023/10/16 8:15 p.m. · 2 views

CVE-2023-4725

The Simple Posts Ticker WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...

4.8 CVSS · 7.3 AI score · 0.00402 EPSS
Exploits 2 · References 1

OSV
added 2023/10/16 8:15 p.m. · 3 views

CVE-2023-4290

The WP Matterport Shortcode WordPress plugin before 2.1.7 does not escape the PHP_SELF server variable when outputting it in attributes, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin...

6.1 CVSS · 5.8 AI score
Exploits 0 · References 1

CNNVD
added 2023/10/16 12:0 a.m. · 2 views

WordPress plugin WordPress Online Booking and Scheduling Plugin SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

7.2 CVSS · 7.8 AI score · 0.00717 EPSS
Exploits 2 · References 2

OSV
added 2023/10/12 3:15 p.m. · 2 views

CVE-2023-32124

Cross-Site Request Forgery (CSRF) vulnerability in Arul Prasad J Publish Confirm Message plugin = 1.3.1 versions...

8.8 CVSS · 7.3 AI score · 0.00214 EPSS
Exploits 0 · References 1