726 matches found
CVE-2019-25144
The WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 2.2.10 due to insufficient input sanitization. This makes it possible for unauthenticated attackers to inject arbitrary HTML in pages that execute if they can successfully trick an administrator...
WordPress plugin Video Playlist and Gallery Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Video Playlist and...
WordPress plugin Newsletter Popup Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...
CVE-2023-33311
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in CRM Perks Contact Form Entries plugin <= 1.3.0 versions...
CVE-2023-25470
Cross-Site Request Forgery (CSRF) vulnerability in Anton Skorobogatov Rus-To-Lat plugin <= 0.3 versions...
CVE-2023-25971
Cross-Site Request Forgery (CSRF) vulnerability in FixBD Educare plugin <= 1.4.1 versions...
CVE-2022-47144
Cross-Site Request Forgery (CSRF) vulnerability in Plugincraft Mediamatic – Media Library Folders plugin <= 2.8.1 versions...
CVE-2022-47180
Cross-Site Request Forgery (CSRF) vulnerability in Kopa Theme Kopa Framework plugin <= 1.3.5 versions...
WordPress plugin User Meta Manager Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
CVE-2023-25698
Cross-Site Request Forgery (CSRF) vulnerability in Studio Wombat Shoppable Images plugin <= 1.2.3 versions...
PT-2023-22974 · Unknown · Theguidex User Ip/Location
Name of the Vulnerable Software and Affected Versions: TheGuideX User IP and Location plugin versions <= 2.2 Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability requires authentication and affects users with contributor or higher permissions...
CVE-2023-23709
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Denis WPJAM Basic plugin <= 6.2.1 versions...
PT-2023-24126 · Jenkins · Jenkins Saml Single Sign On(Sso) Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins SAML Single Sign On (SSO) Plugin versions 2.0.0 and earlier Description: A cross-site request forgery (CSRF) vulnerability allows attackers to send an HTTP POST request with a JSON body containing attacker-specified content to miniOrange's...
CVE-2023-22690
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Shopfiles Ltd Ebook Store plugin <= 5.775 versions...
CVE-2022-45846 WordPress Image Map Pro Plugin < 5.6.9 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pro for WordPress - Interactive SVG Image Map Builder plugin < 5.6.9 versions...
PT-2023-19101 · WordPress · Team With Slider
Name of the Vulnerable Software and Affected Versions: Sk. Abul Hasan Team Member – Team with Slider plugin versions <= 4.4 Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability. This type of vulnerability allows an attacker to inject malicious scripts into a website...
CVE-2023-26519
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex Benfica Publish to Schedule plugin <= 4.5.4 versions...
CVE-2023-25982
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Eirudo Simple YouTube Responsive plugin <= 2.5 versions...
CVE-2023-26012
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Denzel Chia | Phire Design Custom Login Page plugin <= 2.0 versions...
PT-2023-16620 · WordPress · Zyrex Popup
Name of the Vulnerable Software and Affected Versions: ZYREX POPUP WordPress plugin versions 1.0 and earlier Description: The issue allows a high privileged user, such as an Administrator, to upload arbitrary files when creating a popup, even when modifying the file system is disallowed, such as ...