116 matches found
CVE-2023-30491
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodeBard CodeBard's Patron Button and Widgets for Patreon plugin = 2.1.8 versions...
CVE-2023-25036 WordPress Social Media Icons Widget Plugin <= 1.6 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in akhlesh-nagar, a.Ankit Social Media Icons Widget plugin <= 1.6 versions...
WordPress Video Reviews / Video Widget Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)
Software: Video Reviews / Video Widget; Type: Plugin; Vulnerable versions: <= 1.3.0; Fixed in: 1.3.5; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 7dac09181d24; Credits: Rafie Muhammad...
WordPress Blog Sidebar Widget Plugin <= 1.0.6 is vulnerable to Cross Site Scripting (XSS)
Software: Blog Sidebar Widget; Type: Plugin; Vulnerable versions: <= 1.0.6; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 7ae8bbf8a06a; Credits: Rafie Muhammad Patchstack...
CVE-2023-3369
CVE-2023-3369 refers to the About Me 3000 widget for WordPress. A Stored Cross-Site Scripting (XSS) flaw exists in admin settings for versions up to and including 2.2.6 due to insufficient input sanitization and output escaping. Impact is limited to authenticated attackers with administrator-leve...
CVE-2023-25468
Cross-Site Request Forgery (CSRF) vulnerability in Reservation.Studio Reservation.Studio widget plugin = 1.0.11 versions...
CVE-2023-25468
CVE-2023-25468 is a CSRF vulnerability in the Reservation.Studio widget plugin for WordPress, affecting versions
Cross site request forgery (csrf)
The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the recievepost, bmcdisconnect, namepost, and widgetpost functions in versions up to, and including, 3.7. This makes it possible for unauthenticated...
WordPress Social Media Icons Widget Plugin <= 1.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Social Media Icons Widget; Type: Plugin; Vulnerable versions: <= 1.6; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-25036; Patch priority: Low; CVSS severity: Low (4.3); PSID: d8722155f6da; Credits: Mika Required...
CVE-2023-26539
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Max Chirkov Advanced Text Widget plugin = 2.1.2 versions...
CVE-2023-23831
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Rating-Widget Rating-Widget: Star Review System plugin <= 3.1.9 versions...
Cross site scripting
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Rating-Widget Rating-Widget: Star Review System plugin <= 3.1.9 versions...
CVE-2023-23831
The CVE-2023-23831 vulnerability affects WordPress Rating-Widget: Star Review System plugin versions <= 3.1.9 (Patchstack also references
CVE-2023-25474
Cross-Site Request Forgery (CSRF) vulnerability in Csaba Kissi About Me 3000 widget plugin = 2.2.6 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Csaba Kissi About Me 3000 widget plugin = 2.2.6 versions...
CVE-2023-25474
CVE-2023-25474: CSRF vulnerability in the About Me 3000 widget for WordPress (Csaba Kissi) affecting versions 2.2.6 if available; PT-Security explicitly recommends CSRF token validation and restricting access to sensitive actions. Patch status is not consistently defined across documents; monito...
CVE-2015-10101
A vulnerability classified as problematic was found in Google Analytics Top Content Widget Plugin up to 1.5.6 on WordPress. Affected by this vulnerability is an unknown functionality of the file class-tgm-plugin-activation.php. The manipulation leads to cross site scripting. The attack can be...
CVE-2015-10101
CVE-2015-10101 affects the Google Analytics Top Content Widget plugin for WordPress (up to version 1.5.6). The public details indicate an issue in an unknown functionality of the file class-tgm-plugin-activation.php that enables cross-site scripting (XSS). The vulnerability can be exploited remot...