
6234 matches found

Cvelist
added 2023/04/24 4:56 p.m., 21 views

CVE-2022-41612 WordPress Similar Posts Plugin <= 3.1.6 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Shareaholic Similar Posts plugin <= 3.1.6 versions...

CVSS 5.9, AI score 5.5, EPSS 0.00394
Exploits: 0, References: 1
CVE
added 2023/04/24 4:56 p.m., 39 views

CVE-2022-41612

CVE-2022-41612 affects the WordPress plugin Similar Posts (versions

CVSS 5.9, AI score 4.9, EPSS 0.00394
Exploits: 0, References: 1, Affected Software: 1
The Hacker News
added 2023/04/24 11:41 a.m., 41 views

Hackers Exploit Outdated WordPress Plugin to Backdoor Thousands of WordPress Sites

Threat actors have been observed leveraging a legitimate but outdated WordPress plugin to surreptitiously backdoor websites as part of an ongoing campaign, Sucuri revealed in a report published last week. The plugin in question is Eval PHP, released by a developer named flashpixx. It allows users...

AI score 7.9
Exploits: 0
CNNVD
added 2023/04/24 12:0 a.m., 4 views

WordPress plugin Similar Posts cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 5.9, AI score 6.1, EPSS 0.00394
Exploits: 0, References: 2
ATTACKERKB
added 2023/04/19 10:15 a.m., 3 views

CVE-2023-2169

The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Related Posts functionality in versions up to, and including, 3.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Editor+ permissions to...

CVSS 5.5, AI score 6.9, EPSS 0.0049
Exploits: 0, References: 4
OSV
added 2023/04/19 10:15 a.m., 2 views

CVE-2023-2170

The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Related Posts functionality in versions up to, and including, 3.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Editor+ permissions to...

CVSS 4.8, AI score 5.9, EPSS 0.00486
Exploits: 0, References: 3
OSV
added 2023/04/19 10:15 a.m., 3 views

CVE-2023-2169

The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Related Posts functionality in versions up to, and including, 3.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Editor+ permissions to...

CVSS 4.8, AI score 5.9, EPSS 0.0049
Exploits: 0, References: 3
NVD
added 2023/04/19 10:15 a.m., 17 views

CVE-2023-2169

The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Related Posts functionality in versions up to, and including, 3.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Editor+ permissions to...

CVSS 5.5, AI score 5, EPSS 0.0049
Exploits: 0, References: 3
CVE
added 2023/04/19 9:38 a.m., 51 views

CVE-2023-2170

CVE-2023-2170 concerns the WordPress TaxoPress plugin (up to version 3.6.4). The vulnerability is a stored Cross-Site Scripting (XSS) in Related Posts functionality caused by insufficient input sanitization and output escaping. Exploitation requires authenticated access with Editor+ permissions, ...

CVSS 5.5, AI score 4.8, EPSS 0.00486
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2023/04/19 9:38 a.m., 28 views

CVE-2023-2169 TaxoPress <= 3.6.4 - Authenticated (Editor+) Stored Cross-Site Scripting

The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Related Posts functionality in versions up to, and including, 3.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Editor+ permissions to...

CVSS 5.5, AI score 5.2, EPSS 0.0049
Exploits: 0, References: 3
Cvelist
added 2023/04/19 9:38 a.m., 29 views

CVE-2023-2170 TaxoPress <= 3.6.4 - Authenticated (Editor+) Stored Cross-Site Scripting

The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Related Posts functionality in versions up to, and including, 3.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Editor+ permissions to...

CVSS 5.5, AI score 5.2, EPSS 0.00486
Exploits: 0, References: 3
WPVulnDB
added 2023/04/19 12:0 a.m., 15 views

Kodex Posts likes <= 2.4.3 - CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

CVSS 8.8, AI score 6.7, EPSS 0.00271
Exploits: 0, Affected Software: 1
Patchstack
added 2023/04/19 12:0 a.m., 10 views

WordPress Email posts to subscribers Plugin <= 6.2 is vulnerable to SQL Injection

Software: Email posts to subscribers; Type: Plugin; Vulnerable versions: <= 6.2; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2022-46818; Patch priority: High; CVSS severity: High 8.2; PSID: ac023e13840e; Credits: Le Ngoc Anh; Required privilege...

CVSS 9.8, AI score 7.2, EPSS 0.00652
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2023/04/19 12:0 a.m., 8 views

WordPress Kodex Posts likes Plugin <= 2.4.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Kodex Posts likes; Type: Plugin; Vulnerable versions: <= 2.4.3; Fixed in: 2.5.0; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-46814; Patch priority: Low; CVSS severity: Low 4.3; PSID: 1b6d8291d63f; Credits: minhtuanact...

CVSS 8.8, AI score 7, EPSS 0.00271
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2023/04/18 2:15 p.m., 4 views

CVE-2022-44632

Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Denis Buka Content Repeater – Custom Posts Simplified plugin <= 1.1.13 versions...

CVSS 4.8, AI score 5.8, EPSS 0.00392
Exploits: 0, References: 1
Wordfence Blog
added 2023/04/18 1:51 p.m., 37 views

Hiding in Plain Sight: Cross-Site Scripting Vulnerabilities Patched in Weaver Products

On March 14, 2023, the Wordfence Threat Intelligence team initiated the responsible disclosure process for 2 nearly identical Cross-Site Scripting vulnerabilities in the Weaver Xtreme theme and the Weaver Show Posts plugin, which each have over 10,000 installations. The plugin developer responded...

AI score 8.9, EPSS 0.00531
Exploits: 2
CVE
added 2023/04/18 1:18 p.m., 44 views

CVE-2022-44632

CVE-2022-44632 affects the WordPress plugin Denis Buka Content Repeater – Custom Posts Simplified (components: WordPress plugin; vulnerable versions: ≤ 1.1.13). The issue is a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. The root cause is no...

CVSS 4.8, AI score 4.8, EPSS 0.00392
Exploits: 0, References: 1, Affected Software: 1
Packet Storm
added 2023/04/18 12:0 a.m., 329 views

WordPress Weaver Xtreme 5.0.7 / Weaver Show Posts 1.6 Cross Site Scripting

On March 14, 2023, the Wordfence Threat Intelligence team initiated the responsible disclosure process for 2 nearly identical Cross-Site Scripting vulnerabilities in the Weaver Xtreme theme and the Weaver Show Posts plugin, which each have over 10,000 installations. The plugin developer responded...

AI score 9.4, EPSS 0.00531
Exploits: 2
CNVD
added 2023/04/18 12:0 a.m., 23 views

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. An arbitrary file upload vulnerability exists in the WordPress plugin User Submitted Posts, which is caused by incorrect validation of file extensions by the usp_check_images function. An attacker can exploit this vulnerability to upload malicious files and execute arbitrary code on a vulnerable system.

Bento4 is an open source C++ library for reading and writing MP4 files. A denial of service vulnerability exists in Bento4 version v1.6.0-639, which stems from the AP4TrunAtom::SetDataOffsetint function in Ap4TrunAtom.h containing a segmentation violation. An attacker can exploit this vulnerabili...

CVSS 5.5, AI score 6.5, EPSS 0.00291
Exploits: 1, References: 1
CNNVD
added 2023/04/18 12:0 a.m., 3 views

WordPress Plugin Denis Buka Content Repeater – Custom Posts Simplified cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

CVSS 4.8, AI score 4.9, EPSS 0.00392
Exploits: 0, References: 2