WordPress Swift Framework plugin <= 2.7.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcodes vulnerability discovered by Francesco Carlucci in WordPress Plugin Swift Framework versions = 2.7.31...

WordPress Swift Framework Plugin <= 2.7.31 is vulnerable to Broken Access Control

Software Swift Framework Type Plugin Vulnerable versions = 2.7.31 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3915 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID f340f37317d4 Credits Francesco Carlucci Required...

Swift Framework <= 2.7.31 - Missing Authorization to Unauthenticated Arbitrary Content Update

Description The Swift Framework plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sfeditdirectoryitem function in all versions up to, and including, 2.7.31. This makes it possible for unauthenticated attackers to update arbitrary post...

WordPress Pods Plugin <= 2.7.31 is vulnerable to Cross Site Scripting (XSS)

Software Pods Type Plugin Vulnerable versions = 2.7.31 Fixed in 2.8.23 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Pods Framework PSID c91e0056bf48 Credits Rafie Muhammad Patchstack Required privilege...