6233 matches found
CVE-2023-3519
creationtimestamp | type | source
---|---|---
2023-07-14 04:00:00+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=1069
2023-07-18 13:18:11+00:00 | seen | https://www.cert.at/de/warnungen/2023/7/sicherheitslucken-teil-kritisch-in-citrixnetscaler-adc-und-gateway-updates-verfugbar...
CVE-2023-2561
The Gallery Metabox for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the galleryremove function in versions up to, and including, 1.5. This makes it possible for subscriber-level attackers to modify galleries attached to posts and pages with th...
CVE-2023-35778
Cross-Site Request Forgery (CSRF) vulnerability in Neha Goel Recent Posts Slider plugin = 1.1 versions...
CVE-2023-35778
CVE-2023-35778 corresponds to a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Recent Posts Slider (
WordPress Plugin Recent Posts Slider Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
CVE-2023-3219
The EventON WordPress plugin before 2.1.2 does not validate that the eventid parameter in its eventonicsdownload ajax action is a valid Event, allowing unauthenticated visitors to access any Post including unpublished or protected posts content via the ics export functionality by providing the...
CVE-2015-10119
A vulnerability, which was classified as problematic, has been found in View All Posts Page Plugin up to 0.9.0 on WordPress. This issue affects the function action_admin_notices_activation of the file view-all-posts-pages.php. The manipulation leads to cross site scripting. The attack may be initiat...
Cross site scripting
A vulnerability, which was classified as problematic, has been found in View All Posts Page Plugin up to 0.9.0 on WordPress. This issue affects the function action_admin_notices_activation of the file view-all-posts-pages.php. The manipulation leads to cross site scripting. The attack may be initiat...
CVE-2015-10119
CVE-2015-10119 affects the WordPress View All Posts Page Plugin up to version 0.9.0. The issue resides in the action_admin_notices_activation function and enables cross-site scripting, with remote initiation possible. A fix is available in version 0.9.1; apply upgrade to address the vulnerability...
CVE-2015-10119 View All Posts Page Plugin view-all-posts-pages.php action_admin_notices_activation cross site scripting
A vulnerability, which was classified as problematic, has been found in View All Posts Page Plugin up to 0.9.0 on WordPress. This issue affects the function action_admin_notices_activation of the file view-all-posts-pages.php. The manipulation leads to cross site scripting. The attack may be initiat...
PT-2023-10297 · WordPress · View All Posts Page Plugin
Name of the Vulnerable Software and Affected Versions: View All Posts Page Plugin versions prior to 0.9.1
Description: A problematic issue has been found in the View All Posts Page Plugin on WordPress, affecting the action_admin_notices_activation function of the file view-all-posts-pages.php. Th...
WordPress plugin view-all-posts-pages Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2023-3541
A vulnerability has been found in ThinuTech ThinuCMS 1.5 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /authorposts.php. The manipulation of the argument author with the input g6g12alert1o8sdm leads to cross site scripting. The attack can be...
PT-2023-25214 · Thinutech · Thinucms
Name of the Vulnerable Software and Affected Versions: ThinuTech ThinuCMS version 1.5
Description: A vulnerability has been found in an unknown functionality of the file /author posts.php. The manipulation of the argument author with the input g6g12alert1o8sdm leads to cross site scripting. The...
CVE-2021-4389
The WP Travel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.6. This is due to missing or incorrect nonce validation on the savemetadata function. This makes it possible for unauthenticated attackers to save metadata for travel posts via a...
CVE-2021-4389 WP Travel <= 4.4.6 - Cross-Site Request Forgery Bypass
The WP Travel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.6. This is due to missing or incorrect nonce validation on the savemetadata function. This makes it possible for unauthenticated attackers to save metadata for travel posts via a...
PT-2023-12513 · WordPress · Style Kits
Name of the Vulnerable Software and Affected Versions: The Style Kits plugin for WordPress versions up to, and including, 1.8.0
Description: The issue is due to missing or incorrect nonce validation on the update posts stylekit function, making it possible for unauthenticated attackers to update...
Missing Authorization
github.com/mattermost/mattermost-server is vulnerable to Missing Authorization. The vulnerability exists because the library fails to validate all parameters, allowing an authenticated attacker to edit arbitrary posts on the channel through the /dialog API...
CVE-2023-34028
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin = 1.0.7 versions...