CVE-2023-44994

Cross-Site Request Forgery CSRF vulnerability in Bainternet ShortCodes UI plugin = 1.9.8 versions...

CVE-2023-44985

Auth. contributo+ Stored Cross-Site Scripting XSS vulnerability in Cytech BuddyMeet plugin = 2.2.0 versions...

CVE-2023-35097

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Internet Marketing Dojo WP Affiliate Links plugin = 0.1.1 versions...

CVE-2023-41730

Cross-Site Request Forgery CSRF vulnerability in SendPress Newsletters plugin = 1.22.3.31 versions...

CVE-2023-35778

Cross-Site Request Forgery CSRF vulnerability in Neha Goel Recent Posts Slider plugin = 1.1 versions...

CVE-2023-35878

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Vadym K. Extra User Details plugin = 0.5 versions...

CVE-2023-24395

Cross-Site Request Forgery CSRF vulnerability in Scott Paterson Contact Form 7 Redirect & Thank You Page plugin = 1.0.3 versions...

CVE-2023-46087

Cross-Site Request Forgery CSRF vulnerability in Mahlamusa Who Hit The Page – Hit Counter plugin = 1.4.14.3 versions...

CVE-2023-45102

Cross-Site Request Forgery CSRF vulnerability in OTWthemes Blog Manager Light plugin = 1.20 versions...

CVE-2023-41933

Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

CVE-2023-47190

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Apollo13Themes Apollo13 Framework Extensions plugin = 1.9.0 versions...

CVE-2023-34006

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Marco Milesi Telegram Bot & Channel plugin = 3.6.2 versions...

CVE-2023-45602

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Shopfiles Ltd Ebook Store plugin = 5.785 versions...

CVE-2023-28993

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Ignazio Scimone Albo Pretorio On Line plugin = 4.6.1 versions...

CVE-2023-44245

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Leap Contractor Contact Form Website to Workflow Tool plugin = 4.0.0 versions...

CVE-2023-27417

Cross-Site Request Forgery CSRF vulnerability in Timo Reith Affiliate Super Assistent plugin = 1.5.1 versions...

CVE-2023-26539

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Max Chirkov Advanced Text Widget plugin = 2.1.2 versions...

CVE-2023-23732

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Joel James Disqus Conditional Load plugin = 11.0.6 versions...

CVE-2023-0644

The Push Notifications for WordPress by PushAssist WordPress plugin through 3.0.8 does not sanitise and escape various parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2023-1025

The Simple File List WordPress plugin before 6.0.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...