WordPress 5.0.x < 5.0.20 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A potential disclosure of user email addresses. - An RCE POP Chains vulnerability. - A Cross-Site Scripting XSS vulnerability in the post link navigation block. - An issue...

WordPress Plugin WordPress Popular Posts Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

WordPress 4.5.x < 4.5.30 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A potential disclosure of user email addresses. - An RCE POP Chains vulnerability. - A Cross-Site Scripting XSS vulnerability in the post link navigation block. - An issue...

WordPress 4.6.x < 4.6.27 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A potential disclosure of user email addresses. - An RCE POP Chains vulnerability. - A Cross-Site Scripting XSS vulnerability in the post link navigation block. - An issue...

CVE-2023-44990

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin = 1.0.7.1 versions...

CVE-2023-44990 WordPress WOLF Plugin <= 1.0.7.1 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin = 1.0.7.1 versions...

Mattermost Security Vulnerabilities

Mattermost is an open source collaboration platform from US-based Mattermost. Mattermost Mobile suffers from a security vulnerability that stems from a failure to limit the maximum number of Markdown elements in a post, allowing an attacker to send a post containing hundreds of emojis to a...

DEBIAN-CVE-2023-5561

WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack...

CVE-2023-4687

The Page Builder: Pagelayer WordPress plugin before 1.7.7 doesn't prevent unauthenticated attackers from updating a post's header or footer code on scheduled posts...

CVE-2023-4687

The Page Builder: Pagelayer WordPress plugin before 1.7.7 doesn't prevent unauthenticated attackers from updating a post's header or footer code on scheduled posts...

CVE-2023-3707

The ActivityPub WordPress plugin before 1.0.0 does not ensure that post contents to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the content of arbitrary post such as draft and private via an IDOR vector. Password protected post...

UBUNTU-CVE-2023-5561

WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack...

Code injection

The Page Builder: Pagelayer WordPress plugin before 1.7.7 doesn't prevent unauthenticated attackers from updating a post's header or footer code on scheduled posts...

Cross site scripting

The Simple Posts Ticker WordPress plugin before 1.1.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2023-4725 Simple Posts Ticker < 1.1.6 - Admin+ Stored XSS

The Simple Posts Ticker WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2023-4725

CVE-2023-4725 affects the WordPress plugin Simple Posts Ticker prior to version 1.1.6. The issue is that certain settings are not properly sanitised/escaped, enabling Stored XSS by high-privilege users (e.g., administrators) even when the unfiltered_html capability is disallowed (such as in multi...

CVE-2023-4725 Simple Posts Ticker < 1.1.6 - Admin+ Stored XSS

The Simple Posts Ticker WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2023-4646

CVE-2023-4646 affects the WordPress plugin Simple Posts Ticker (versions before 1.1.6). The flaw is insufficient validation/escaping of shortcode attributes, allowing stored XSS when a user with Contributor+ privileges outputs the shortcode on a post/page. The vulnerability is confirmed in multip...

CVE-2023-4646 Simple Posts Ticker < 1.1.6 - Contributor+ Stored XSS

The Simple Posts Ticker WordPress plugin before 1.1.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2023-4687 PageLayer < 1.7.7 - Unauthenticated Stored XSS

The Page Builder: Pagelayer WordPress plugin before 1.7.7 doesn't prevent unauthenticated attackers from updating a post's header or footer code on scheduled posts...