PT-2023-14657 · WordPress · Webtoffee Wordpress Comments Import & Export

Name of the Vulnerable Software and Affected Versions: WebToffee WordPress Comments Import & Export versions 2.3.1 and earlier Description: The issue is related to the improper neutralization of formula elements in a CSV file. This can potentially lead to unintended consequences when importing or...

WordPress Comments Ratings Plugin <= 1.1.7 is vulnerable to Cross Site Scripting (XSS)

Software Comments Ratings Type Plugin Vulnerable versions = 1.1.7 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23702 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 7f7df4a9e3a3 Credits yuyudhn Required privile...

WordPress Comments Ratings Plugin <= 1.1.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software Comments Ratings Type Plugin Vulnerable versions = 1.1.7 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-45654 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3bde0ca43cfe Credits Mika Required...

WordPress Comments by Startbit Plugin <= 1.4 is vulnerable to Cross Site Scripting (XSS)

Software Comments by Startbit Type Plugin Vulnerable versions = 1.4 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5295 Patch priority Low CVSS severity Low 6.4 Developer Claim ownership PSID 790370410166 Credits István Márton Required...

WordPress Comments Ratings Plugin <= 1.1.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software Comments Ratings Type Plugin Vulnerable versions = 1.1.6 Fixed in 1.1.7 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-23704 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID cfc969289e49 Credits yuyudhn Required...