
6232 matches found

OSV
added 2024/01/15 4:15 p.m. · 3 views

CVE-2023-5905

The DeMomentSomTres WordPress Export Posts With Images WordPress plugin through 20220825 does not check authorization of requests to export the blog data, allowing any logged in user, such as subscribers, to export the contents of the blog, including restricted and unpublished posts, as well as...

8.1 CVSS · 5.8 AI score · 0.00579 EPSS
Exploits: 2 · References: 1

Prion
added 2024/01/15 4:15 p.m. · 21 views

Authorization

The DeMomentSomTres WordPress Export Posts With Images WordPress plugin through 20220825 does not check authorization of requests to export the blog data, allowing any logged in user, such as subscribers, to export the contents of the blog, including restricted and unpublished posts, as well as...

5.5 CVSS · 6.9 AI score · 0.00579 EPSS
Exploits: 2 · References: 1 · Affected Software: 1

Cvelist
added 2024/01/15 3:10 p.m. · 32 views

CVE-2023-5905 DeMomentSomTres WordPress Export Posts With Images <= 20220825 - Subscriber+ unauthorized data export

The DeMomentSomTres WordPress Export Posts With Images WordPress plugin through 20220825 does not check authorization of requests to export the blog data, allowing any logged in user, such as subscribers, to export the contents of the blog, including restricted and unpublished posts, as well as...

8.1 AI score · 0.00579 EPSS
Exploits: 2 · References: 1

Vulnrichment
added 2024/01/15 3:10 p.m. · 13 views

CVE-2023-6029 EazyDocs < 2.3.6 - Unauthenticated Arbitrary Posts Deletion and Document Management

The EazyDocs WordPress plugin before 2.3.6 does not have authorization and CSRF checks when handling documents and does not ensure that they are documents from the plugin, allowing unauthenticated users to delete arbitrary posts, as well as add and delete documents/sections...

6.9 AI score · 0.00248 EPSS
Exploits: 3 · References: 1

Cvelist
added 2024/01/15 3:10 p.m. · 26 views

CVE-2023-6029 EazyDocs < 2.3.6 - Unauthenticated Arbitrary Posts Deletion and Document Management

The EazyDocs WordPress plugin before 2.3.6 does not have authorization and CSRF checks when handling documents and does not ensure that they are documents from the plugin, allowing unauthenticated users to delete arbitrary posts, as well as add and delete documents/sections...

7.8 AI score · 0.00248 EPSS
Exploits: 3 · References: 1

Positive Technologies
added 2024/01/15 12:0 a.m. · 8 views

PT-2024-14841 · WordPress · Demomentsomtres Wordpress Export Posts With Images

Name of the Vulnerable Software and Affected Versions: DeMomentSomTres WordPress Export Posts With Images WordPress plugin through 20220825
Description: The issue allows any logged-in user, such as subscribers, to export the contents of the blog, including restricted and unpublished posts, as wel...

8.1 CVSS · 7.9 AI score · 0.00579 EPSS
Exploits: 2 · References: 5

CNNVD
added 2024/01/15 12:0 a.m. · 5 views

WordPress Plugin DeMomentSomTres WordPress Export Posts With Images Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin DeMomentSomTres WordPress...

8.1 CVSS · 6.8 AI score · 0.00579 EPSS
Exploits: 2 · References: 2

Positive Technologies
added 2024/01/15 12:0 a.m. · 6 views

PT-2024-14858 · WordPress · Eazydocs

Name of the Vulnerable Software and Affected Versions: EazyDocs WordPress plugin versions prior to 2.3.6
Description: The issue allows unauthenticated users to delete arbitrary posts, as well as add and delete documents/sections, due to the lack of authorization and CSRF checks when handling...

7.5 CVSS · 7 AI score · 0.00248 EPSS
Exploits: 3 · References: 8

WPVulnDB
added 2024/01/12 12:0 a.m. · 15 views

List category posts < 0.89.4 - Contributor+ Stored Cross-Site Scripting via Shortcode

Description: The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's 'catlist' shortcode in all versions up to, and including, 0.89.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

6.5 CVSS · 5.7 AI score · 0.0044 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

WPVulnDB
added 2024/01/12 12:0 a.m. · 14 views

Posts to Page <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description: The Posts to Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

6.5 CVSS · 5.5 AI score · 0.00328 EPSS
Exploits: 0 · References: 1

WPVulnDB
added 2024/01/12 12:0 a.m. · 20 views

The Events Calendar < 6.2.9 - Unauthenticated Sensitive Information Exposure

Description: The plugin is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.2.8.2 via the route function hooked into wpajaxnoprivtribedropdown. This makes it possible for unauthenticated attackers to extract potentially sensitive data including post titles and I...

5.3 CVSS · 6.4 AI score · 0.00562 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

ATTACKERKB
added 2024/01/11 9:15 a.m. · 2 views

CVE-2023-6994

The List category posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catlist' shortcode in all versions up to, and including, 0.89.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.5 CVSS · 5.6 AI score · 0.0044 EPSS
Exploits: 0 · References: 5

OSV
added 2024/01/11 9:15 a.m. · 4 views

CVE-2023-6582

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.3 via the ekitwidgetareacontent function. This makes it possible for unauthenticated attackers to obtain contents of posts in draft, private or pending...

5.3 CVSS · 5.8 AI score · 0.00521 EPSS
Exploits: 0 · References: 4

Vulnrichment
added 2024/01/11 8:33 a.m. · 5 views

CVE-2023-6582

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.3 via the ekitwidgetareacontent function. This makes it possible for unauthenticated attackers to obtain contents of posts in draft, private or pending...

5.3 CVSS · 5.1 AI score · 0.00521 EPSS
Exploits: 0 · References: 4

Vulnrichment
added 2024/01/11 8:32 a.m. · 38 views

CVE-2023-6994 List category posts <= 0.89.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The List category posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catlist' shortcode in all versions up to, and including, 0.89.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4 CVSS · 6.8 AI score · 0.0044 EPSS
Exploits: 0 · References: 4

Cvelist
added 2024/01/11 8:32 a.m. · 24 views

CVE-2023-6994 List category posts <= 0.89.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The List category posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catlist' shortcode in all versions up to, and including, 0.89.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4 CVSS · 5.8 AI score · 0.0044 EPSS
Exploits: 0 · References: 4

CNNVD
added 2024/01/11 12:0 a.m. · 3 views

WordPress Plugin List category posts Security Breach

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

6.5 CVSS · 5.8 AI score · 0.0044 EPSS
Exploits: 0 · References: 5

Positive Technologies
added 2024/01/11 12:0 a.m. · 6 views

PT-2024-15167 · WordPress · List Category Posts

Name of the Vulnerable Software and Affected Versions: The List category posts plugin for WordPress versions up to, and including, 0.89.3
Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'catlist' shortcode due to insufficient input sanitization and output escapin...

6.5 CVSS · 5.7 AI score · 0.0044 EPSS
Exploits: 0 · References: 10

Patchstack
added 2024/01/10 12:0 a.m. · 12 views

WordPress List category posts Plugin <= 0.89.3 is vulnerable to Cross Site Scripting (XSS)

Software: List category posts · Type: Plugin · Vulnerable versions: <= 0.89.3 · Fixed in: 0.89.4 · OWASP Top 10: A7: Cross-Site Scripting (XSS) · Classification: Cross Site Scripting (XSS) · CVE: CVE-2023-6994 · Patch priority: Low · CVSS severity: Low (6.5) · PSID: 1c18776c10d9 · Credits: Ngô Thiên An ancor...

6.5 CVSS · 5.7 AI score · 0.0044 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

NVD
added 2024/01/05 9:15 a.m. · 14 views

CVE-2023-52145

Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Republish Old Posts. This issue affects Republish Old Posts: from n/a through 1.21...

8.8 CVSS · 5.7 AI score · 0.00227 EPSS
Exploits: 0 · References: 1