CVE-2024-23502
CVE-2024-23502 applies to WordPress plugin Posts List Designer by Category – List Category Posts Or Recent Posts (InfornWeb) and is a Stored XSS via improper input neutralization during web page generation. Affected versions are listed as n/a through 3.3.2; a fix is available in 3.3.3. PatchStack...
PT-2024-19904 · Unknown · Infornweb Posts List Designer By Category – List Category Posts/Recent Posts
Name of the Vulnerable Software and Affected Versions: InfornWeb Posts List Designer by Category – List Category Posts Or Recent Posts versions n/a through 3.3.2 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting...
WordPress plugin Posts List Designer by Category Cross-site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...
WOLF – WordPress Posts Bulk Editor and Manager Professional < 1.0.8.2 - Cross-Site Request Forgery
Description The WOLF – WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8.1. This is due to missing or incorrect nonce validation on the wpbecreatenewterm, wpbeupdatetaxterm, and...
CVE-2023-7199
The Relevanssi WordPress plugin before 4.22.0, Relevanssi Premium WordPress plugin before 2.25.0 allows any unauthenticated user to read draft and private posts via a crafted request...
SchedulePress < 5.0.5 - Contributor+ Arbitrary Post Update/Deletion
Description The plugin does not have proper capability checks on several REST API endpoints, allowing contributors and above roles to edit and delete arbitrary posts...
WordPress plugin Relevanssi security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. The WordPress plugin Relevanssi version...
CVE-2024-0402
| creationtimestamp | type | source |
|---|---|---|
| 2024-01-26 02:26:35+00:00 | seen | https://t.me/ctinow/173953 |
| 2024-01-26 11:56:47+00:00 | seen | https://t.me/ctinow/174171 |
| 2024-01-26 12:46:40+00:00 | published-proof-of-concept | https://t.me/techb0ltGenona/4239 |
| 2024-01-28 13:16:07+00:00 | seen | ... |
WordPress Advanced Schedule Posts Plugin <= 2.1.8 is vulnerable to Cross Site Scripting (XSS)
Software Advanced Schedule Posts Type Plugin Vulnerable versions = 2.1.8 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0249 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 858b382898f4 Credits Krzysztof...
Advanced Schedule Posts <= 2.1.8 - Reflected XSS
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admins...
Advanced Schedule Posts <= 2.1.8 - Reflected XSS
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admins. PoC...
WordPress Posts List Designer by Category – List Category Posts Or Recent Posts Plugin <= 3.3.2 is vulnerable to Cross Site Scripting (XSS)
Software Posts List Designer by Category – List Category Posts Or Recent Posts Type Plugin Vulnerable versions = 3.3.2 Fixed in 3.3.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-23502 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID...
CVE-2023-5922
The Royal Elementor Addons and Templates WordPress plugin before 1.3.81 does not ensure that users accessing posts via an AJAX action and REST endpoint, currently disabled in the plugin have the right to do so, allowing unauthenticated users to access arbitrary draft, private and password protect...
CVE-2023-5922 Royal Elementor Addons and Templates < 1.3.81 - Unauthenticated Arbitrary Post Read
The Royal Elementor Addons and Templates WordPress plugin before 1.3.81 does not ensure that users accessing posts via an AJAX action and REST endpoint, currently disabled in the plugin have the right to do so, allowing unauthenticated users to access arbitrary draft, private and password protect...
EazyDocs < 2.4.0 - Subscriber+ Arbitrary Posts Deletion and Document Management
Description The plugin re-introduced CVE-2023-6029 https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e/ in 2.3.8, allowing any authenticated users, such as subscriber to delete arbitrary posts, as well as add and delete documents/sections. The issue was partially fixed in 2.3.9....
PT-2024-15213 · Peepso · The Community By Peepso
Name of the Vulnerable Software and Affected Versions: The Community by PeepSo WordPress plugin versions prior to 6.3.1.2 Description: The issue is related to the lack of a CSRF check when creating a user post, which could allow attackers to make logged-in users perform such actions via a CSRF...
CVE-2023-6029
The EazyDocs WordPress plugin before 2.3.6 does not have authorization and CSRF checks when handling documents and does not ensure that they are documents from the plugin, allowing unauthenticated users to delete arbitrary posts, as well as add and delete documents/sections...
CVE-2023-5905
The DeMomentSomTres WordPress Export Posts With Images WordPress plugin through 20220825 does not check authorization of requests to export the blog data, allowing any logged in user, such as subscribers to export the contents of the blog, including restricted and unpublished posts, as well as...