6233 matches found
WordPress plugin Simple Posts Ticker cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...
WordPress plugin Simple Posts Ticker cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...
PT-2023-30035 · WordPress · Simple Posts Ticker
Name of the Vulnerable Software and Affected Versions: The Simple Posts Ticker WordPress plugin versions prior to 1.1.6 Description: The issue concerns the lack of validation and escaping of certain shortcode attributes in the plugin, which could allow users with the contributor role and above to...
WordPress plugin Pagelayer cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2023-44467
creationtimestamp| type| source ---|---|--- 2023-10-10 00:16:12+00:00| seen| https://t.me/cibsecurity/71868 2025-04-03 13:52:48+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/12001 2025-04-04 13:42:39+00:00| seen|...
WordPress User Submitted Posts Plugin <= 20230902 is vulnerable to Arbitrary File Upload
Software User Submitted Posts Type Plugin Vulnerable versions = 20230902 Fixed in 20230914 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2023-45603 Patch priority High CVSS severity High 9 Developer Claim ownership PSID b7d676bf7c95 Credits Rafie Muhammad Patchstack...
CVE-2023-5331 File Information Leak via IDOR in file_id in Draft Posts
Mattermost fails to properly check the creator of an attached file when adding the file to a draft post, potentially exposing unauthorized file information...
WordPress WordPress Popular Posts Plugin <= 6.3.2 is vulnerable to Cross Site Scripting (XSS)
Software WordPress Popular Posts Type Plugin Vulnerable versions = 6.3.2 Fixed in 6.3.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-45607 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e1c445e00e39 Credits Rafie Muhammad Patchstack...
Mattermost Security Vulnerabilities
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost that stems from a failure to properly check the creator of an attachment when adding it to a draft post, which could lead to information disclosure...
CVE-2023-40556
Cross-Site Request Forgery CSRF vulnerability in Greg Ross Schedule Posts Calendar plugin = 5.2 versions...
CVE-2023-40556
Cross-Site Request Forgery CSRF vulnerability in Greg Ross Schedule Posts Calendar plugin = 5.2 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Greg Ross Schedule Posts Calendar plugin = 5.2 versions...
CVE-2023-40556
Summary: CVE-2023-40556 is a CSRF vulnerability in the WordPress plugin “Schedule Posts Calendar” by Greg Ross, affecting versions
CVE-2023-40556 WordPress Schedule Posts Calendar Plugin <= 5.2 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Greg Ross Schedule Posts Calendar plugin = 5.2 versions...
CVE-2023-40556 WordPress Schedule Posts Calendar Plugin <= 5.2 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Greg Ross Schedule Posts Calendar plugin = 5.2 versions...
WordPress Plugin Schedule Posts Calendar Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
PT-2023-27509 · WordPress · Greg Ross Schedule Posts Calendar
Name of the Vulnerable Software and Affected Versions: Greg Ross Schedule Posts Calendar plugin versions = 5.2 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This means an attacker can trick a user into performing unintended actions on a web application that the user i...
CVE-2023-37995
Cross-Site Request Forgery CSRF vulnerability in Chetan Gole WP-CopyProtect Protect your blog posts plugin = 3.1.0 versions...
CVE-2015-10124
CVE-2015-10124 affects the WordPress plugin Most Popular Posts Widget Plugin (versions up to 0.8). The vulnerability resides in the functions.php, in add_views/show_views, enabling SQL injection that can be exploited remotely. Upgrading to version 0.9 addresses the issue (patch: a99667d11ac8d3200...
CVE-2023-41736
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Gopi Ramasamy Email posts to subscribers plugin = 6.2 versions...