173 matches found
WordPress Campaign Monitor for WordPress plugin <= 2.8.15 - Unauthenticated Full Path Disclosure vulnerability
Unauthenticated Full Path Disclosure vulnerability discovered by stealthcopter in WordPress Plugin Campaign Monitor for WordPress versions = 2.8.15...
PT-2024-37453 · WordPress · Duplicator
Name of the Vulnerable Software and Affected Versions: Duplicator plugin for WordPress versions up to, and including, 1.5.9 Description: The issue allows unauthenticated attackers to obtain the full path to instances, which may be used in combination with other vulnerabilities or to simplify...
DEBIAN-CVE-2024-31111
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Automattic WordPress allows Stored XSS.This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6,...
UBUNTU-CVE-2024-31111
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Automattic WordPress allows Stored XSS.This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6,...
WordPress plugin Olive One Click Demo Import security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-26948 · WordPress · Easyevent
Name of the Vulnerable Software and Affected Versions: EasyEvent WordPress plugin versions 1.0.0 and earlier Description: The issue allows high privilege users, such as admins, to perform Cross-Site Scripting attacks, even when unfiltered html is disallowed, due to the plugin not sanitizing and...
PT-2024-18062 · Livemesh · Elementor Addons
Name of the Vulnerable Software and Affected Versions: Elementor Addons by Livemesh plugin for WordPress versions up to, and including, 8.3.4 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping in the text alignment attribute...
PT-2024-22793 · Kadence Blocks · The Gutenberg Blocks By Kadence Blocks
Name of the Vulnerable Software and Affected Versions: The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress versions up to, and including, 3.2.31 Description: The issue is related to Stored Cross-Site Scripting via the CountUp Widget due to insufficient input...
PT-2024-23049 · WordPress · Fancy Comments
Name of the Vulnerable Software and Affected Versions: Fancy Comments WordPress versions 1.2.14 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows stored cross-site scripting XSS. This means an attacker can inject malicious...
PT-2024-19463 · WordPress · The Droit Elementor Addons
Name of the Vulnerable Software and Affected Versions: The Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder plugin for WordPress versions up to, and including, 3.1.5 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input...
PT-2024-17810 · WordPress · Sunshine Photo Cart
Name of the Vulnerable Software and Affected Versions: The Sunshine Photo Cart: Free Client Galleries for Photographers plugin for WordPress versions up to, and including, 3.0.24 Description: The issue allows unauthenticated attackers to extract sensitive data, including customer email and physic...
CVE-2023-45074
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Page Visit Counter Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress allows SQL Injection.This issue affects Advanced Page Visit Counter – Most Wanted Analytics Plugin for...
PT-2023-15174 · WordPress · Wp Cerber Security
Name of the Vulnerable Software and Affected Versions: WP Cerber Security plugin for WordPress versions up to, and including, 9.1 Description: The issue allows unauthenticated attackers to inject arbitrary web scripts in pages via the log parameter when logging in to the site. This makes it...
UBUNTU-CVE-2023-39999
Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4...
PT-2023-29786 · WordPress · Affiliatewp
Name of the Vulnerable Software and Affected Versions: AffiliateWP for WordPress versions up to, and including, 2.14.0 Description: The issue allows authenticated attackers with subscriber-level access and above to modify data without authorization due to a missing capability check on the affwp...
PT-2023-23291 · WordPress · Mainwp Child
Name of the Vulnerable Software and Affected Versions: MainWP Child plugin for WordPress versions up to, and including, 4.4.1.1 Description: The issue allows unauthenticated attackers to extract sensitive data, including the entire installation's database, due to insufficient controls on the...
PT-2023-16556 · Unknown +1 · Weglot Translate +1
Name of the Vulnerable Software and Affected Versions: Under Construction plugin for WordPress versions up to and including 3.96 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the install weglot function called via the admin action...
PT-2023-12489 · WordPress · Wp Quick Frontend Editor
Name of the Vulnerable Software and Affected Versions: WP Quick FrontEnd Editor plugin for WordPress versions up to and including 5.5 Description: The issue arises from insufficient input sanitization and output escaping, allowing authenticated attackers with minimal permissions to inject arbitra...
PT-2023-19447 · Vcita · Online Booking & Scheduling Calendar For Wordpress
Name of the Vulnerable Software and Affected Versions: The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress versions up to, and including, 4.2.10 Description: The issue is related to a missing nonce check on the vcita logout callback function, which makes it possib...
CVE-2023-2549
The Feather Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions starting from 1.0.7 up to, and including, 1.1.1. This is due to missing nonce validation in the 'createTempAccountLink' function. This makes it possible for unauthenticated attackers to create a ne...