9 matches found
CVE-2024-2643 My Sticky Bar < 2.6.8 - Admin+ Stored XSS
The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.6.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the...
WordPress FS Poster plugin <= 6.5.8 - Subscriber+ Site Wide Broken Access Control vulnerability
Subscriber+ Site Wide Broken Access Control vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin FS Poster versions <= 6.5.8...
CVE-2024-13626 VR Frases <= 3.0.1 - Reflected XSS
The VR-Frases collect & share quotes WordPress plugin through 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-12457 Chat Support for Viber – Chat Bubble and Chat Button for Gutenberg, Elementor and Shortcode <= 1.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Chat Support for Viber – Chat Bubble and Chat Button for Gutenberg, Elementor and Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vchat' shortcode in all versions up to, and including, 1.7.3 due to insufficient input sanitization and output escapi...
WordPress EventON Pro Plugin <= 4.6.8 is vulnerable to Cross Site Request Forgery (CSRF)
Software: EventON Pro. Type: Plugin. Vulnerable versions: <= 4.6.8. Fixed in: 4.7. OWASP Top 10: A5 Broken Access Control. Classification: Cross Site Request Forgery (CSRF). CVE: CVE-2023-6243. Patch priority: Low. CVSS severity: Low (4.3). PSID: 3df0e9a42423. Credits: Francesco Carlucci. Require...
CVE-2024-0382
The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 9.1.0 due to unrestricted use of the 'headertag' attribute. This makes it possible for authenticated attackers with contributor-level and above...
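The two shortcode entries above (the 'vchat' shortcode and the WP Recipe Maker 'headertag' attribute) describe the same pattern: a contributor-controlled shortcode attribute is written into HTML without sanitization or escaping. The following PHP is an added illustration of that pattern and is not code from either plugin; the shortcode name `demo_heading`, the attribute names and the attacker input are hypothetical and constructed here. The `function_exists` stand-ins only let the file run with plain `php`; inside WordPress the real `esc_attr()`, `esc_html()` and `shortcode_atts()` are used.

```php
<?php
// Added illustration of stored XSS through a shortcode attribute, not code
// from any plugin listed above. Hypothetical names throughout.
//
// Stand-ins so the file runs with plain `php`; WordPress provides the real ones.
if (!function_exists('esc_attr')) {
    function esc_attr(string $s): string {
        return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}
if (!function_exists('esc_html')) {
    function esc_html(string $s): string {
        return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}
if (!function_exists('shortcode_atts')) {
    function shortcode_atts(array $pairs, array $atts): array {
        $out = [];
        foreach ($pairs as $name => $default) {
            $out[$name] = array_key_exists($name, $atts) ? $atts[$name] : $default;
        }
        return $out;
    }
}

// VULNERABLE (hypothetical): tag name and title are interpolated as-is.
// A contributor can publish [demo_heading headertag="h2 onmouseover=..."]
// and the stored markup runs for every visitor who views the post,
// including administrators.
function demo_heading_vulnerable(array $atts): string {
    $a = shortcode_atts(['headertag' => 'h2', 'title' => ''], $atts);
    return "<{$a['headertag']}>{$a['title']}</{$a['headertag']}>";
}

// HARDENED (hypothetical): the tag name is restricted to a fixed allow-list
// rather than escaped, because esc_attr() leaves spaces and '=' alone, so
// "h2 onmouseover=alert(1)" would still break out when used as a tag name.
// The free-text title is escaped at output with esc_html().
const DEMO_ALLOWED_HEADER_TAGS = ['h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'p', 'div'];

function demo_heading_hardened(array $atts): string {
    $a   = shortcode_atts(['headertag' => 'h2', 'title' => ''], $atts);
    $tag = strtolower(trim((string) $a['headertag']));
    if (!in_array($tag, DEMO_ALLOWED_HEADER_TAGS, true)) {
        $tag = 'h2'; // unknown or malformed tag names fall back to the default
    }
    return "<{$tag}>" . esc_html((string) $a['title']) . "</{$tag}>";
}

// Constructed attacker input, as a contributor-level user could store it.
$malicious = [
    'headertag' => 'h2 onmouseover="alert(document.cookie)"',
    'title'     => '<img src=x onerror=alert(1)>',
];
echo "vulnerable: ", demo_heading_vulnerable($malicious), PHP_EOL;
echo "hardened:   ", demo_heading_hardened($malicious), PHP_EOL;

// In a plugin: add_shortcode('demo_heading', 'demo_heading_hardened');
```

The point the allow-list makes is that escaping is the wrong tool for a value that becomes part of HTML syntax (a tag name, an attribute name, a URL scheme); only values that are data inside an already-fixed structure can be made safe by escaping at output.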
PT-2023-12489 · WordPress · Wp Quick Frontend Editor
Name of the Vulnerable Software and Affected Versions: WP Quick FrontEnd Editor plugin for WordPress versions up to and including 5.5 Description: The issue arises from insufficient input sanitization and output escaping, allowing authenticated attackers with minimal permissions to inject arbitra...
WordPress has an unspecified vulnerability (CNVD-2018-09681)
WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress version 4.9.5. No details of the vulnerability are provided at...
The “Unhackable” WordPress Blog – Finding Security In the Static
Using the word “unhackable” is generally considered a bad idea™ due to this being a largely unobtainable feat with software. In this post I attempt to get as close to “unhackable” as possible with my own personal blog, the one you’re reading right now. I have designed the process in such a way th...