CVE-2023-40205

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Pixelgrade PixTypes plugin = 1.4.15 versions...

CVE-2023-39992

Unauth. Reflected Cross-Site Scripting XSS vulnerability in vCita.Com Online Booking & Scheduling Calendar for WordPress by vcita plugin = 4.3.2 versions...

CVE-2023-39919

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in maennchen1.De wpShopGermany – Protected Shops plugin = 2.0 versions...

PT-2023-20083 · Gopi Ramasamy · Wp Tell A Friend Popup Form Plugin

Name of the Vulnerable Software and Affected Versions: Gopi Ramasamy wp tell a friend popup form plugin versions = 7.1 Description: The issue is related to an Authenticated admin+ Stored Cross-Site Scripting XSS vulnerability. This means that an attacker with administrative access can inject...

PT-2023-26396 · Unknown · Email Sender

Name of the Vulnerable Software and Affected Versions: Elastic Email Sender plugin versions 1.2.6 and earlier Description: The issue is related to an Authenticated Stored Cross-Site Scripting XSS vulnerability. This means that an attacker with admin+ privileges can inject malicious scripts into t...

PT-2023-26495 · Visualmodo · Visualmodo Borderless Plugin

Name of the Vulnerable Software and Affected Versions: Visualmodo Borderless plugin versions = 1.4.8 Description: The issue is related to an Authenticated Stored Cross-Site Scripting XSS vulnerability. This means that an attacker with admin+ privileges can inject malicious scripts into the...

CVE-2023-25042

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Liam Gladdy Storm Consultancy oAuth Twitter Feed for Developers plugin = 2.3.0 versions...

CVE-2023-32603

Unauth. Reflected Cross-Site Scripting XSS vulnerability in RedNao Donations Made Easy – Smart Donations plugin = 4.0.12 versions...

CVE-2023-32584

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in John Newcombe eBecas plugin = 3.1.3 versions...

WordPress plugin Advanced Custom Fields 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

CVE-2023-32122

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Spiffy Plugins Spiffy Calendar plugin = 4.9.3 versions...

CVE-2023-32103

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Theme Palace TP Education plugin = 4.4 versions...

CVE-2023-31074

Unauth. Reflected Cross-Site Scripting XSS vulnerability in hupe13 Extensions for Leaflet Map plugin = 3.4.1 versions...

CVE-2023-38397

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Eggemplo Gestion-Pymes plugin = 1.5.6 versions...

CVE-2023-24393

Auth. editor+ Stored Cross-Site Scripting XSS vulnerability in Sk. Abul Hasan Animated Number Counters plugin = 1.6 versions...

CVE-2022-27861

Unauth. Open Redirect vulnerability in Arscode Ninja Popups plugin = 4.7.5 versions...

CVE-2023-27416

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Decon Digital Decon WP SMS plugin = 1.1 versions...

Sql injection

Auth. subscriber+ SQL Injection SQLi vulnerability in MainWP MainWP Maintenance Extension plugin = 4.1.1 versions...

PT-2023-25602 · WordPress · Woocommerce Order Barcodes

Name of the Vulnerable Software and Affected Versions: WooCommerce Order Barcodes plugin versions 1.6.4 and earlier Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended action...

CVE-2023-35047

Cross-Site Request Forgery CSRF vulnerability in AREOI All Bootstrap Blocks plugin = 1.3.6 versions...