1726 matches found
CVE-2023-0274
The URL Params WordPress plugin before 2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-23827
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Google Maps v3 Shortcode plugin <= 1.2.1 versions...
CVE-2023-23733
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joel James Lazy Social Comments plugin <= 2.0.4 versions...
CVE-2023-23727
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Formilla Live Chat by Formilla plugin <= 1.3 versions...
CVE-2023-23660
Auth. (subscriber+) SQL Injection (SQLi) vulnerability in MainWP MainWP Maintenance Extension plugin <= 4.1.1 versions...
CVE-2023-32496
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bill Minozzi Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin <= 7.31 versions...
CVE-2023-27414
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Popup Box Team Popup box plugin <= 3.4.4 versions...
CVE-2023-34005
Cross-Site Request Forgery (CSRF) vulnerability in Etoile Web Design Front End Users plugin <= 3.2.24 versions...
CVE-2023-34012
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Premium Addons for Elementor Premium Addons PRO plugin <= 2.8.24 versions...
CVE-2023-34178
Cross-Site Request Forgery (CSRF) vulnerability in Groundhogg Inc. Groundhogg plugin <= 2.7.11 versions...
CVE-2023-3063
The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it...
CVE-2023-47768
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Russell Jamieson Footer Putter plugin <= 1.17 versions...
CVE-2023-28166
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Aakif Kadiwala Tags Cloud Manager plugin <= 1.0.0 versions...
CVE-2023-33207
Cross-Site Request Forgery (CSRF) vulnerability in Krzysztof Wielogórski Stop Referrer Spam plugin <= 1.3.0 versions...
CVE-2023-47686
Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.2.2 versions...
CVE-2023-25055
Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google XML Sitemap for Videos plugin <= 2.6.1 versions...
CVE-2023-24372
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in USB Memory Direct Simple Custom Author Profiles plugin <= 1.0.0 versions...
CVE-2023-47231
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Bainternet ShortCodes UI plugin <= 1.9.8 versions...
CVE-2022-43458
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Code Tides Advanced Floating Content plugin <= 1.2.1 versions...
CVE-2022-32970
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Themify Themify Portfolio Post plugin <= 1.2.4 versions...