1378 matches found
CVE-2023-48745
CVE-2023-48745 affects the WordPress plugin Captcha Code by WebFactory Ltd. It is caused by improper restriction of excessive authentication attempts, enabling a bypass of captcha protection. Affected versions are
CVE-2023-48318
CVE-2023-48318 is a CAPTCHA bypass vulnerability in WordPress plugin Contact Form Email (
CVE-2023-48290
Form Maker by 10Web WordPress plugin
CVE-2023-47513
The CVE-2023-47513 entry concerns ARI Stream Quiz for WordPress (ARI Stream Quiz plugin). Affected software: ARI Stream Quiz versions up to and including 1.3.2. Root cause: Improper handling/neutralization of script-related HTML tags enabling content injection (Basic XSS). Impact: potential code ...
CVE-2023-47189
CVE-2023-47189 affects WordPress Defender Security plugin versions
CVE-2023-46630
CVE-2023-46630 affects WordPress Admin and Site Enhancements (ASE) plugin versions up to 5.7.1. The issue is an unauthenticated bypass of Password Protection Mode due to a flawed authentication flow (reported as bypass via the maybe_process_login path), allowing access to password-protected conte...
CVE-2023-46310
CVE-2023-46310 describes a Content Injection vulnerability in the WordPress plugin wpDiscuz (gVectors Team) affecting versions up to 7.6.10. The issue is due to improper neutralization of script-related HTML tags, enabling code injection via wpDiscuz content. Public sources in the connected docum...
CVE-2023-45009
CVE-2023-45009 is a CAPTCHA/Honeypot plugin vulnerability for WordPress Contact Form 7 (Captcha/Honeypot for Contact Form 7 by Forge12 Interactive GmbH). It allows bypass of authentication-related checks due to improper restriction of excessive authentication attempts in versions up to 1.11.3. Pu...
CVE-2024-31329
CVE-2024-31329 is documented in the Wear OS June 2024 security bulletin as a System-component elevation of privilege (EoP) with High severity. The bulletin notes it could lead to local EoP with no additional execution privileges. Affected devices should apply the 2024-06-01 patch level (or later)...
CVE-2024-5027
CVE-2024-5027 affects Citrix Workspace app for Mac (pre-2402.10). Elevation of privilege from a local authenticated user to root is possible. Remedy: upgrade to Citrix Workspace app for Mac 2402.10 or later (per CTX675851). If details on root-cause are not provided, note that explicit root-cause ...
github.com/huandu/facebook may expose access_token in error message.
Summary: access_token can be exposed in the error message when an HTTP request fails. Details: Using this module, when an HTTP request fails, the error message can contain access_token. This can happen when: - module is sending HTTP request with query parameter ?access_token=.... - and HTTP request fails errors...
CVE-2024-27971
CVE-2024-27971 is a path traversal causing unauthenticated local file inclusion in the WordPress plugin Premmerce Permalink Manager for WooCommerce. The issue affects versions before 2.3.11 (i.e., up to 2.3.10) and stems from improper limitation of a pathname to a restricted directory. Publ...
CVE-2024-27955
CVE-2024-27955 is a CSRF to Privilege Escalation vulnerability in the WordPress Automatic Plugin (WP Automatic) affecting versions up to 3.92.0. Exploitation could lead to privilege escalation. The vulnerability is marked as patched; remediation is to upgrade to the patched version (3.92.0 or lat...
CVE-2024-27954
WordPress Automatic plugin
CVE-2024-24869
CVE-2024-24869 affects BoldGrid Total Upkeep (WordPress plugin)
CVE-2024-24715
CVE-2024-24715 refers to the WordPress plugin BookIt (The Booking Calendar) and affects versions
CVE-2024-22157
CVE-2024-22157 is an unauthenticated privilege-escalation vulnerability in the WordPress plugin SalesKing (
CVE-2024-22139
CVE-2024-22139 (WordPress Manutenção) is an unauthenticated authentication bypass arising from IP spoofing, affecting WordPress Manutenção versions up to and including 1.0.6. The root cause involves insufficient validation of IP addresses in maintenance mode, enabling bypass of the maintenance re...
CVE-2023-51483
CVE-2023-51483 affects Glowlogix WP Frontend Profile for WordPress. The vulnerability is an Unauthenticated Privilege Escalation caused by Improper Privilege Management in the plugin, impacting WP Frontend Profile versions up to 1.3.1. Public disclosures in the connected documents confirm the iss...
CVE-2023-51479
CVE-2023-51479 is an authenticated privilege-escalation vulnerability in the WordPress plugin Build App Online. The issue affects versions