7 matches found
CVE-2024-2643
CVE-2024-2643 affects the WordPress plugin My Sticky Bar prior to version 2.6.8. The issue is a failure to sanitize/escape certain settings, enabling stored cross-site scripting (Stored XSS) by high-privilege users (e.g., admins) even when unfiltered_html is disallowed, such as in multisite setup...
CVE-2023-41857
CVE-2023-41857 affects the WordPress Click To Tweet plugin up to version 2.0.14, described as a Missing Authorization / Broken Access Control vulnerability. The initial description and connected entries do not provide an explicit remediation or patched version. CVSS v3.1 base score is 5.4 (Medium...
CVE-2023-47838
CVE-2023-47838 affects the WordPress plugin Conditional Fields for Contact Form 7 (cf7-conditional-fields). Root cause: Missing Authorization / Broken Access Control due to incorrectly configured access control levels, allowing exploitation by low-privilege users. Affected versions:
CVE-2023-44234
CVE-2023-44234 affects the WordPress WP GPX Maps plugin up to version 1.7.08. Root cause: Missing Authorization (Broken Access Control) allows access to resources without proper permission validation. Documented severity is low (CVSS ~4.3). Public references indicate the vulnerabili...
CVE-2023-51682
CVE-2023-51682: Missing Authorization vulnerability in MC4WP (Mailchimp for WordPress) affecting MC4WP
CVE-2023-51511
CVE-2023-51511 involves Booster Elite for WooCommerce (Pluggabl LLC) with an improper authentication vulnerability that allows accessing functionality not properly constrained by ACLs. Affected software: Booster Elite for WooCommerce prior to version 7.1.3. Public references indicate a base CVSS ...
CVE-2023-41651
CVE-2023-41651 corresponds to a WordPress plugin vulnerability in the Multi-column Tag Map plugin (versions