CVE-2023-41736

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Gopi Ramasamy Email posts to subscribers plugin = 6.2 versions...

Cross site scripting

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Gopi Ramasamy Email posts to subscribers plugin = 6.2 versions...

CVE-2023-41736 WordPress Email posts to subscribers Plugin <= 6.2 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Gopi Ramasamy Email posts to subscribers plugin = 6.2 versions...

WordPress Plugin email-posts-to-subscribers Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

PT-2023-10301 · WordPress · Most Popular Posts Widget Plugin

Name of the Vulnerable Software and Affected Versions: Most Popular Posts Widget Plugin versions up to 0.8 Description: A critical issue has been found in the Most Popular Posts Widget Plugin, affecting the add views/show views function of the functions.php file. This issue leads to sql injection...

WordPress Plugin Most Popular Posts Widget SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin Most Popular Posts Widget...

CVE-2023-5193

Mattermost fails to properly check permissions when retrieving a post allowing for a System Role with the permission to manage channels to read the posts of a DM conversation...

CVE-2023-5193 System Role with manage posts permission can read posts of Direct Messages

Mattermost fails to properly check permissions when retrieving a post allowing for a System Role with the permission to manage channels to read the posts of a DM conversation...

Mattermost Security Vulnerabilities

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from the inability to properly check permissions when retrieving posts...

WordPress Simple Posts Ticker Plugin < 1.1.6 is vulnerable to Cross Site Scripting (XSS)

Software Simple Posts Ticker Type Plugin Vulnerable versions 1.1.6 Fixed in 1.1.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4646 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 90737b96b35d Credits Dmitrii Ignatyev...

WordPress Simple Posts Ticker Plugin < 1.1.6 is vulnerable to Cross Site Scripting (XSS)

Software Simple Posts Ticker Type Plugin Vulnerable versions 1.1.6 Fixed in 1.1.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4725 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID fb8f01332256 Credits Dmitrii Ignatyev...

PageLayer < 1.7.7 - Unauthenticated Stored XSS

Description The plugin doesn't prevent unauthenticated attackers from updating a post's header or footer code on scheduled posts. PoC Unauthenticated attacker Proof of Concept 1 As a legitimate administrator, schedule a post to be published in a few minutes. 2 Close every window to that site to...

Simple Posts Ticker < 1.1.6 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Add a post with the shortcode:...

WordPress Allow PHP in Posts and Pages Plugin <= 3.0.4 is vulnerable to Remote Code Execution (RCE)

Software Allow PHP in Posts and Pages Type Plugin Vulnerable versions = 3.0.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2023-4994 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID bcf7a7b556b2 Credits Lana Codes Required...

CVE-2023-4039

creationtimestamp| type| source ---|---|--- 2023-09-13 12:34:52+00:00| seen| https://t.me/cibsecurity/70370 2025-08-20 15:44:36+00:00| seen| https://bsky.app/profile/bluesky.awakari.com/post/3lwtrgrwkiq2h 2025-08-20 15:44:39+00:00| seen|...

WordPress plugin MasterStudy LMS security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

CVE-2023-40560

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Greg Ross Schedule Posts Calendar plugin = 5.2 versions...

CVE-2023-40560 WordPress Schedule Posts Calendar Plugin <= 5.2 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Greg Ross Schedule Posts Calendar plugin = 5.2 versions...

CVE-2023-40560

CVE-2023-40560 is an authenticated Stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Schedule Posts Calendar, affecting versions

CVE-2023-4779

The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's uspgallery shortcode in versions up to, and including, 20230811 due to insufficient input sanitization and output escaping on user supplied attributes like 'before'. This makes it possible...