Lucene search

6232 matches found

CNNVD
added 2023/11/22 12:0 a.m. | 4 views

WordPress Plugin WP Customer Reviews Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS 4.3 | AI score 6.5 | EPSS 0.00524
Exploits 0 | References 4
Hacker One
added 2023/11/21 4:32 a.m. | 5 views

Automattic: Timeline API returns private post when target of a push notification

The Timeline API was able to return private posts when the target of a push notification, even though the user did not have access to the post...

AI score 7
Exploits 0
Positive Technologies
added 2023/11/20 12:0 a.m. | 4 views

PT-2023-32237 · WordPress · Wp Hotel Booking

Name of the Vulnerable Software and Affected Versions: WP Hotel Booking WordPress plugin versions prior to 2.0.8
Description: The issue concerns a lack of authorization and CSRF checks in the WP Hotel Booking WordPress plugin, which also fails to verify that the item to be deleted is indeed a...

CVSS 5.4 | AI score 7.1 | EPSS 0.00271
Exploits 2 | References 4
WPVulnDB
added 2023/11/16 12:0 a.m. | 24 views

Elementor Addon Elements < 1.12.8 - Unauthenticated Post ID/Title Disclosure

Description: The plugin does not have authorisation in its ajaxeaepostdata function, allowing unauthenticated users to retrieve the IDs and titles of arbitrary posts/pages, such as draft, private, etc...

CVSS 5.3 | AI score 7.3 | EPSS 0.00927
Exploits 0 | Affected Software 1
WPVulnDB
added 2023/11/16 12:0 a.m. | 19 views

ImageMapper <= 1.2.6 - Subscriber+ Arbitrary Post Deletion

Description: The plugin does not have authorisation in its imgmapdeleteareaajax AJAX action, allowing any authenticated user, such as a subscriber, to delete arbitrary posts and pages...

CVSS 5.4 | AI score 8.8 | EPSS 0.00403
Exploits 0
Circl
added 2023/11/15 4:53 p.m. | 4 views

CVE-2019-2535

creationtimestamp | type | source
---|---|---
2023-11-15 16:53:03+00:00 | published-proof-of-concept | https://t.me/BABATATASASA/5977
2023-11-15 17:01:59+00:00 | published-proof-of-concept | https://t.me/BABATATASASA/5994

...

CVSS 4.1 | AI score 5.9 | EPSS 0.00407
Exploits 0 | References 2
ATTACKERKB
added 2023/11/15 1:15 a.m. | 2 views

CVE-2023-43979

ETS Soft ybcblog before v4.4.0 was discovered to contain a SQL injection vulnerability via the component YbcblogBlogModuleFrontController::getPosts...

CVSS 9.8 | AI score 5.9 | EPSS 0.00693
Exploits 0 | References 2
Patchstack
added 2023/11/13 12:0 a.m. | 12 views

WordPress Delete Duplicate Posts Plugin <= 4.8.9 is vulnerable to Broken Access Control

Software: Delete Duplicate Posts
Type: Plugin
Vulnerable versions: <= 4.8.9
Fixed in: 4.9
OWASP Top 10: A1: Broken Access Control
Classification: Broken Access Control
CVE: CVE-2023-47754
Patch priority: Low
CVSS severity: Low (4.3)
Developer: CleverPlugins.com
PSID: e78902a6f1d5
Credits: Huynh Tien Si
Required...

CVSS 9.8 | AI score 6.6 | EPSS 0.00509
Exploits 0 | References 2 | Affected Software 1
OSV
added 2023/11/10 3:9 p.m. | 24 views

CVE-2023-47120 Discourse DoS through Onebox favicon URL

Discourse is an open source platform for community discussion. In versions 3.1.0 through 3.1.2 of the stable branch and versions 3.1.0.beta6 through 3.2.0.beta2 of the beta and tests-passed branches, Redis memory can be depleted by crafting a site with an abnormally long favicon URL and drafting...

CVSS 7.5 | AI score 7.2 | EPSS 0.00982
Exploits 0 | References 5
Positive Technologies
added 2023/11/10 12:0 a.m. | 4 views

PT-2023-30324 · Discourse +1 · Discourse +1

Name of the Vulnerable Software and Affected Versions:
Discourse versions 3.1.0 through 3.1.2
Discourse versions 3.1.0.beta6 through 3.2.0.beta2
Description: Discourse is an open source platform for community discussion. In the affected versions, Redis memory can be depleted by crafting a site wi...

CVSS 7.5 | AI score 7.5 | EPSS 0.00982
Exploits 0 | References 11
CNNVD
added 2023/11/10 12:0 a.m. | 4 views

Discourse Security Breach

Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. A security vulnerability exists in Discourse versions 3.1.0 through 3.1.2, which originates from potentially exhausting Redis memory by creating a website with an unusually...

CVSS 7.5 | AI score 6.8 | EPSS 0.00982
Exploits 0 | References 4
NVD
added 2023/11/09 7:15 p.m. | 14 views

CVE-2023-47238

Cross-Site Request Forgery (CSRF) vulnerability in WebberZone Top 10 – WordPress Popular posts by WebberZone plugin = 3.3.2 versions...

CVSS 8.8 | EPSS 0.0028
Exploits 0 | References 1
OSV
added 2023/11/09 7:15 p.m. | 9 views

CVE-2023-47238

Cross-Site Request Forgery (CSRF) vulnerability in WebberZone Top 10 – WordPress Popular posts by WebberZone plugin = 3.3.2 versions...

CVSS 8.8 | AI score 7.1
Exploits 0 | References 1
CVE
added 2023/11/09 6:21 p.m. | 70 views

CVE-2023-47238

The CVE-2023-47238 entry concerns WebberZone Top 10 – WordPress Popular posts by WebberZone plugin. A CSRF vulnerability affects versions

CVSS 8.8 | AI score 8.9 | EPSS 0.0028
Exploits 0 | References 1 | Affected Software 1
OpenVAS
added 2023/11/09 12:0 a.m. | 14 views

WordPress Templately - Gutenberg & Elementor Template Library Plugin < 2.2.6 Missing Authorization Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:templately:templately"; ifdescription...

CVSS 7.5 | AI score 7 | EPSS 0.00608
Exploits 2 | References 1
NVD
added 2023/11/07 6:15 p.m. | 23 views

CVE-2022-44738

Improper Neutralization of Formula Elements in a CSV File vulnerability in Patrick Robrecht Posts and Users Stats. This issue affects Posts and Users Stats: from n/a through 1.1.3...

CVSS 8.8 | EPSS 0.00823
Exploits 0 | References 1
OSV
added 2023/11/07 6:15 p.m. | 4 views

CVE-2022-44738

Improper Neutralization of Formula Elements in a CSV File vulnerability in Patrick Robrecht Posts and Users Stats. This issue affects Posts and Users Stats: from n/a through 1.1.3...

CVSS 8.8 | AI score 5.8 | EPSS 0.00823
Exploits 0 | References 1
Prion
added 2023/11/07 6:15 p.m. | 19 views

Input validation

Improper Neutralization of Formula Elements in a CSV File vulnerability in Patrick Robrecht Posts and Users Stats. This issue affects Posts and Users Stats: from n/a through 1.1.3...

CVSS 6.8 | AI score 7.1 | EPSS 0.00823
Exploits 0 | References 1 | Affected Software 1
CVE
added 2023/11/07 5:8 p.m. | 36 views

CVE-2022-44738

CVE-2022-44738 relates to the WordPress Posts and Users Stats plugin (

CVSS 8.8 | AI score 8 | EPSS 0.00823
Exploits 0 | References 1 | Affected Software 1
Vulnrichment
added 2023/11/07 5:8 p.m. | 14 views

CVE-2022-44738 WordPress Posts and Users Stats plugin 1.1.3 - CSV Injection vulnerability

A vulnerability in Patrick Robrecht Posts and Users Stats posts-and-users-stats. This issue affects Posts and Users Stats: from n/a through = 1.1.3...

CVSS 5.8 | AI score 8 | EPSS 0.00823
Exploits 0 | References 1