InstaWP Connect < 0.0.9.19 - Unauthenticated Data Modification

Description The plugin does not have authorisation check in its eventsreceiver function, allowing unauthenticated users to create/update/delete posts/taxonomy, install/activate/deactivate plugin, update the customizer settings as well as create/update/delete arbitrary users...

CVE-2023-35043

CVE-2023-35043 corresponds to an unauthenticated stored XSS in the WordPress plugin Neha Goel Recent Posts Slider , affected versions

WordPress plugin Recent Posts Slider 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

PT-2023-25112 · WordPress · Neha Goel Recent Posts Slider

Name of the Vulnerable Software and Affected Versions: Neha Goel Recent Posts Slider plugin versions = 1.1 Description: The issue is related to an Unauth. Stored Cross-Site Scripting XSS vulnerability. This allows for malicious scripts to be stored on the server and executed when a user accesses...

WordPress Remove Duplicate Posts Plugin <= 1.3.5 is vulnerable to Broken Access Control

Software Remove Duplicate Posts Type Plugin Vulnerable versions = 1.3.5 Fixed in 1.3.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-29237 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 36a581916e0b Credits Junsu Yeo Requir...

WordPress DeMomentSomTres WordPress Export Posts With Images Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS)

Software DeMomentSomTres WordPress Export Posts With Images Type Plugin Vulnerable versions = 2.5 Fixed in 20200610 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 568a0722ed5e Credits...

WordPress BuddyForms Posts 2 Posts Plugin <= 1.0.10 is vulnerable to Cross Site Scripting (XSS)

Software BuddyForms Posts 2 Posts Type Plugin Vulnerable versions = 1.0.10 Fixed in 1.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 6d47ac352bde Credits Rafie Muhammad Patchstack...

WordPress SV Posts Plugin <= 1.9.00 is vulnerable to Cross Site Scripting (XSS)

Software SV Posts Type Plugin Vulnerable versions = 1.9.00 Fixed in 2.0.00 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID f4cc0b514da7 Credits Rafie Muhammad Patchstack Required...

WordPress Remove Duplicate Posts Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS)

Software Remove Duplicate Posts Type Plugin Vulnerable versions = 1.2.1 Fixed in 1.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 06b3bc1848f2 Credits Rafie Muhammad Patchstack...

WordPress WZ Followed Posts - Display what visitors are reading Plugin <= 2.0.1 is vulnerable to Cross Site Scripting (XSS)

Software WZ Followed Posts - Display what visitors are reading Type Plugin Vulnerable versions = 2.0.1 Fixed in 2.1.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 898fec8fcd41 Credit...

WordPress WP-CopyProtect [Protect your blog posts] Plugin <= 3.1.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP-CopyProtect Protect your blog posts Type Plugin Vulnerable versions = 3.1.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25025 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 483e3127703e Credit...

WordPress BuddyForms Hierarchical Posts Plugin <= 1.1.3 is vulnerable to Cross Site Scripting (XSS)

Software BuddyForms Hierarchical Posts Type Plugin Vulnerable versions = 1.1.3 Fixed in 1.1.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 0e41c8fe2c4e Credits Rafie Muhammad...

WordPress WordPress Editable Posts Table for the Frontend Plugin < 2.4.28 is vulnerable to Cross Site Scripting (XSS)

Software WordPress Editable Posts Table for the Frontend Type Plugin Vulnerable versions 2.4.28 Fixed in 2.4.28 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7f8dbd4fe9f8 Credits...

WordPress Bulk Edit Posts and Products in Spreadsheet Plugin < 2.25.4 is vulnerable to Cross Site Scripting (XSS)

Software Bulk Edit Posts and Products in Spreadsheet Type Plugin Vulnerable versions 2.25.4 Fixed in 2.25.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 3a91970ca500 Credits Rafi...

WordPress Plugin YARPP 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...

WordPress Delete Duplicate Posts Plugin < 4.8.9 is vulnerable to Cross Site Scripting (XSS)

Software Delete Duplicate Posts Type Plugin Vulnerable versions 4.8.9 Fixed in 4.8.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer CleverPlugins.com PSID 697dcfa11c60 Credits Rafie Muhammad Patchstack...

WordPress Delete old Posts automatically Plugin < 3.3.9 is vulnerable to Cross Site Scripting (XSS)

Software Delete old Posts automatically Type Plugin Vulnerable versions 3.3.9 Fixed in 3.3.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 46270e2e981b Credits Rafie Muhammad...

WordPress Restrict Posts based on Conditions – Conditional Post Restrictions Plugin < 1.2.2 is vulnerable to Cross Site Scripting (XSS)

Software Restrict Posts based on Conditions – Conditional Post Restrictions Type Plugin Vulnerable versions 1.2.2 Fixed in 1.2.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID...

WordPress Tabs with Recommended Posts (Widget) Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Software Tabs with Recommended Posts Widget Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID a781c6b9a217 Credits Rafie Muhammad...

WordPress Mass Pages/Posts Creator Plugin <= 2.1.6 is vulnerable to Cross Site Scripting (XSS)

Software Mass Pages/Posts Creator Type Plugin Vulnerable versions = 2.1.6 Fixed in 2.1.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e259a062e790 Credits Rafie Muhammad Patchsta...