6233 matches found
CVE-2023-4779
The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's uspgallery shortcode in versions up to, and including, 20230811 due to insufficient input sanitization and output escaping on user supplied attributes like 'before'. This makes it possible...
CVE-2023-4779
CVE-2023-4779 affects the WordPress plugin User Submitted Posts . The vulnerability is a stored XSS via the plugin’s [usp_gallery] shortcode, caused by insufficient input sanitization and output escaping on user-supplied attributes (e.g., ‘before’). Impact: authenticated attackers with contributo...
CVE-2023-4779 User Submitted Posts – Enable Users to Submit Posts from the Front End <= 20230811 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's uspgallery shortcode in versions up to, and including, 20230811 due to insufficient input sanitization and output escaping on user supplied attributes like 'before'. This makes it possible...
CVE-2023-4779 User Submitted Posts – Enable Users to Submit Posts from the Front End <= 20230811 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's uspgallery shortcode in versions up to, and including, 20230811 due to insufficient input sanitization and output escaping on user supplied attributes like 'before'. This makes it possible...
WordPress User Submitted Posts Plugin <= 20230901 is vulnerable to Cross Site Scripting (XSS)
Software User Submitted Posts Type Plugin Vulnerable versions = 20230901 Fixed in 20230902 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-7251 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 99d2f2c1710a Credits Ngô Thiên An ancorn from...
WordPress plugin Schedule Posts Calendar cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress plugin User Submitted Posts Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...
WordPress Email posts to subscribers Plugin <= 6.2 is vulnerable to Sensitive Data Exposure
Software Email posts to subscribers Type Plugin Vulnerable versions = 6.2 Fixed in N/A OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-41735 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 57fcad585177 Credits Rafshanzani Suhada...
CVE-2023-2173
The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.7.1.6. This is due to improper validation and authorization checks within the badgeosdeletestepajaxhandler, badgeosdeleteawardstepajaxhandler, badgeosdeletedeductstepajaxhandler,...
CVE-2023-4036
The Simple Blog Card WordPress plugin before 1.32 does not ensure that posts to be displayed via a shortcode are public, allowing any authenticated users, such as subscriber, to retrieve arbitrary post title and their content such as draft, private and password protected ones...
WordPress plugin Simple Blog Card 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
CVE-2023-32510
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Rolf van Gelder Order Your Posts Manually plugin = 2.2.5 versions...
CVE-2023-32510 WordPress Order Your Posts Manually Plugin <= 2.2.5 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Rolf van Gelder Order Your Posts Manually plugin = 2.2.5 versions...
CVE-2023-32510
CVE-2023-32510 is an unauthenticated Reflected XSS in the WordPress plugin Order Your Posts Manually (versions
CVE-2023-32510 WordPress Order Your Posts Manually Plugin <= 2.2.5 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Rolf van Gelder Order Your Posts Manually plugin = 2.2.5 versions...
WordPress plugin Order Your Posts Manually 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2023-32509
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Rolf van Gelder Order Your Posts Manually plugin = 2.2.5 versions...
CVE-2023-32509
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Rolf van Gelder Order Your Posts Manually plugin = 2.2.5 versions...
Cross site scripting
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Rolf van Gelder Order Your Posts Manually plugin = 2.2.5 versions...
CVE-2023-32509
CVE-2023-32509: Unauthenticated reflected XSS in WordPress plugin Order Your Posts Manually (