CVE-2023-45000
CVE-2023-45000 is a Missing Authorization vulnerability affecting LiteSpeed Cache (WordPress) up to version 5.7, allowing unauthorized access via the API. The available documents confirm the issue and affected range but do not provide concrete exploitation details, affected sub-components, or a c...
CVE-2023-40000
LiteSpeed Cache (WordPress plugin)
CVE-2023-52144
CVE-2023-52144 is a Path Traversal in the RexTheme Product Feed Manager (WordPress plugin). Connected Red Hat/ENISA/NVD entries confirm this as an Improper Limitation of a Pathname to a Restricted Directory affecting RexTheme Product Feed Manager up to version 7.3.15. The Red Hat entry notes the ...
CVE-2024-2836
The CVE-2024-2836 entry refers to the WordPress plugin “Social Share, Social Login and Social Comments Plugin” (Super Socializer). Version range affected: before 7.13.64. Root cause: the plugin does not sufficiently sanitize/escape certain settings, enabling Cross-Site Scripting (XSS) for high-pr...
CVE-2024-1846
CVE-2024-1846 affects the WordPress plugin “Responsive Tabs” (versions before 4.0.7). The issue is a lack of validation/escaping of shortcode attributes, leading to Stored XSS when the shortcode is rendered in a post/page. The root cause is improper handling of attributes in the plugin’s output. ...
CVE-2024-1660
CVE-2024-1660 affects the WordPress Top Bar plugin prior to 3.0.5, where certain settings were not properly sanitised/escaped in the UI, enabling Stored XSS by high-privilege users (e.g., Administrators) even if unfiltered_html is disabled (including multisite setups). The Red Hat advisory mirror...
CVE-2024-1755
CVE-2024-1755 affects the WordPress plugin “NPS computy” up to version 2.7.5, where missing CSRF checks in certain code paths could allow an attacker to cause logged-in users to perform unintended actions. The issue is documented as CSRF across multiple sources, with a remediation stating that ve...
CVE-2024-1746
CVE-2024-1746 affects the WordPress plugin Testimonial Slider (versions prior to 2.3.8). The vulnerability stems from insufficient sanitization/escaping of certain plugin settings, allowing Stored XSS by high-privilege users (e.g., administrators) even when the unfiltered_html capability is disal...
CVE-2024-1712
The Carousel Slider WordPress plugin prior to version 2.2.7 does not sanitize/escape certain settings, allowing Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., multisite). Affected versions:
CVE-2024-1310
CVE-2024-1310 affects WooCommerce for WordPress up to version 8.5.x (fixed in 8.6). The issue is a Broken Access Control: users with at least the contributor role could leak private, draft, or trashed products they should not access. Publicly documented by multiple sources (e.g., Patchstack, Red H...
CVE-2023-6067
The CVE-2023-6067 entry concerns WP User Profile Avatar for WordPress, where versions ≤ 1.0.1 fail to validate/escape shortcode attributes, enabling Stored XSS for users with Contributor+ privileges. Red Hat and NVD entries confirm the vulnerability; the provided documents do not specify a fixed ...
CVE-2023-7201
CVE-2023-7201 affects the Everest Backup WordPress plugin (versions prior to 2.2.5). The flaw allows high-privilege users (e.g., admin) to upload arbitrary files due to improper validation, including in multisite setups. Red Hat and CVE sources corroborate the same description. Remediation: upgra...
Kruxton 1.0 Shell Upload
Title: kruxton-1.0-FileUpload-RCE Author: nu11secur1ty Date: 04/15/2024 Vendor: https://www.mayurik.com/ Software: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html Reference: https://portswigger.net/web-security/file-upload Description: The system setting with paramete...
CVE-2024-2583
The CVE-2024-2583 entry concerns the WordPress plugin Shortcodes Ultimate (versions before 7.0.5). The vulnerability is a Stored XSS flaw caused by insufficient escaping of certain shortcode attributes before echoing back to users. Impactful for users with the Contributor role; requires user inte...
CVE-2023-51515
CVE-2023-51515 affects Uncode Core (WordPress plugin) up to version 2.8.8, with a Missing Authorization vulnerability enabling Privilege Escalation. Multiple sources confirm the issue and that a fix exists; remediation is to upgrade to a non-vulnerable version (patched). If upgrading is not immed...
CVE-2023-51499
CVE-2023-51499 affects the WordPress WooCommerce Shipping Per Product plugin. Connected sources describe a Missing Authorization/Broken Access Control flaw in versions up to 2.5.4, enabling unauthorized access to affected resources. Remediation per sources is to upgrade to a fixed version (2.5.5+...
CVE-2023-52211
The CVE-2023-52211 entry concerns the WordPress WP Job Manager plugin (
CVE-2022-40211
CVE-2022-40211 affects the WordPress GiveWP plugin
CVE-2023-6257
CVE-2023-6257 affects the WordPress plugin Inline Related Posts (before v3.6.0). The root cause is missing authorization in an AJAX action that serves post content to authenticated users, enabling subscribers to read content from password-protected posts. Reported base CVSS v3.1 score is 4.3 (Med...
CVE-2023-29483
CVE-2023-29483 affects dnspython (used with eventlet) and enables a remote attacker to interfere with DNS name resolution by sending an invalid UDP packet before a valid one (a TuDoor attack). Affected combo: eventlet before 0.35.2 used in dnspython before 2.6.0. The note indicates 2.6.0 is unusa...