PT-2023-32567 · WordPress · The Events Calendar
Name of the Vulnerable Software and Affected Versions: The Events Calendar WordPress plugin versions prior to 6.2.8.1 Description: The issue allows unauthenticated users to access the content of password-protected posts via a crafted request. Recommendations: For versions prior to 6.2.8.1, update...
PT-2023-30588 · Clever · Delete Duplicate Posts
Name of the Vulnerable Software and Affected Versions: Delete Duplicate Posts versions n/a through 4.8.9 Description: The issue is related to a Missing Authorization vulnerability in Clever plugins, specifically in the Delete Duplicate Posts plugin. This vulnerability allows accessing functionali...
WordPress Plugin Delete Duplicate Posts Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
WordPress Plugin Events Calendar Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2023-32437 · WordPress · Smartcrawl
Name of the Vulnerable Software and Affected Versions: SmartCrawl WordPress plugin versions prior to 3.8.3 Description: The issue allows unauthorized users to access the content of password-protected posts. Recommendations: For versions prior to 3.8.3, update to version 3.8.3 or later to resolve...
WordPress Plugin SmartCrawl Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
CVE-2023-49182
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fabio Marzocca List all posts by Authors, nested Categories and Titles allows Reflected XSS. This issue affects List all posts by Authors, nested Categories and Titles: from n/a through 2.7.10...
CVE-2023-49180
CVE-2023-49180 corresponds to a Stored Cross-Site Scripting in the WordPress plugin Automatic Youtube Video Posts (versions up to 5.2.2). The vulnerability affects the plugin via admin/settings context, allowing authenticated attackers with Administrator+ privileges to inject scripts. Public expl...
PT-2023-31100 · Unknown · Fabio Marzocca List All Posts By Authors
Name of the Vulnerable Software and Affected Versions: Fabio Marzocca List all posts by Authors, nested Categories and Titles versions 2.7.10 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allo...
WordPress Plugin List all posts by Authors, nested Categories and Titles Cross-site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. WordPress Plugin List all posts by Authors, nested...
WordPress Plugin Automatic Youtube Video Posts Plugin Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
PT-2023-31098 · WordPress · Automatic Youtube Video Posts Plugin
Name of the Vulnerable Software and Affected Versions: Automatic Youtube Video Posts Plugin versions through 5.2.2 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an...
CVE-2023-1234
creationtimestamp | type | source
---|---|---
2023-12-11 07:54:33+00:00 | seen | https://t.me/arpsyndicate/1717
2025-01-31 17:51:19+00:00 | seen | https://gist.github.com/CarterOgunsola/8ef626effb6fa27887c6b571b9a0962e
2025-03-10 09:50:51+00:00 | seen | ...
Yet Another Stars Rating < 3.4.4 - Missing Authorization via init
Description: The Yet Another Stars Rating plugin for WordPress is vulnerable to unauthorized modification of data due to a missing check on the init function in versions up to, and including, 3.4.3. This makes it possible for unauthenticated attackers to vote on private or nonexistent posts...
Royal Elementor Addons and Templates < 1.3.81 - Unauthenticated Arbitrary Post Read
Description: The plugin does not ensure that users accessing posts via an AJAX action and REST endpoint, currently disabled in the plugin, have the right to do so, allowing unauthenticated users to access the content of arbitrary draft, private and password-protected posts/pages. WooCommerce needs to be...
CVE-2023-41735
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gopi Ramasamy Email posts to subscribers. This issue affects Email posts to subscribers: from n/a through 6.2...
CVE-2023-45066
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Smackcoders Export All Posts, Products, Orders, Refunds & Users. This issue affects Export All Posts, Products, Orders, Refunds & Users: from n/a through 2.4.1...
Code injection
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gopi Ramasamy Email posts to subscribers. This issue affects Email posts to subscribers: from n/a through 6.2...
CVE-2023-41735
CVE-2023-41735 applies to the WordPress plugin Email posts to subscribers, affected up to version 6.2. The issue is an information-disclosure vulnerability caused by missing authorization checks, allowing unauthenticated actors to access subscriber email data. Multiple connected sources c...