PT-2024-39356 · WordPress · Osm – Openstreetmap

Name of the Vulnerable Software and Affected Versions: OSM – OpenStreetMap plugin for WordPress versions up to, and including, 6.1.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's osm map and osm map v3 shortcodes due to insufficient input sanitization and outpu...

PT-2023-25773 · WordPress · Activitypub

Name of the Vulnerable Software and Affected Versions: ActivityPub WordPress plugin versions prior to 1.0.0 Description: The issue allows any authenticated user to retrieve the title of arbitrary posts, including drafts and private ones, via an IDOR vector. This occurs because the plugin does not...

PT-2023-27410 · WordPress · Simple Blog Card

Name of the Vulnerable Software and Affected Versions: Simple Blog Card WordPress plugin version 1.32 and earlier Description: The issue allows any authenticated user to retrieve arbitrary post titles and their content, including drafts, private posts, and password-protected ones, because the...

CVE-2023-0546 FluentForms < 4.3.25 - Contributor+ Stored XSS via Custom HTML Form Field

The Contact Form Plugin WordPress plugin before 4.3.25 does not properly sanitize and escape the srcdoc attribute in iframes in it's custom HTML field type, allowing a logged in user with roles as low as contributor to inject arbitrary javascript into a form which will trigger for any visitor to...

CVE-2022-4758 10WebMapBuilder < 1.0.72 - Contributor+ Stored XSS via Shortcode

The 10WebMapBuilder WordPress plugin before 1.0.72 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...