29 matches found

CVE
added 2023/04/06 5:50 a.m. · 35 views

CVE-2023-23972

CVE-2023-23972 concerns the WordPress plugin “Social Like Box and Page by WpDevArt” (Smplug-in) up to version 0.8.39. The issue is a stored XSS vulnerability that requires admin+ privileges to exploit. The underlying cause is improper sanitization/escaping in the plugin’s inputs, enabling a high-...

CVSS 5.9 · AI score 4.9 · EPSS 0.00392
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2023/04/06 12:00 a.m. · 4 views

PT-2023-19327 · Wpdevart · Smplug-In Social Like Box/Page By Wpdevart

Name of the Vulnerable Software and Affected Versions: Smplug-in Social Like Box and Page by WpDevArt plugin versions 0.8.39 and earlier
Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges.
Recommendations: For...

CVSS 5.9 · AI score 4.8 · EPSS 0.00392
Exploits 0 · References 3

OSV
added 2023/04/04 1:15 p.m. · 1 views

CVE-2023-23870

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpdevart Responsive Vertical Icon Menu plugin <= 1.5.8 versions...

CVSS 4.8 · AI score 5.8 · EPSS 0.00392
Exploits 0 · References 1

OSV
added 2023/02/28 3:15 p.m. · 4 views

CVE-2023-23983

Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Responsive Vertical Icon Menu plugin <= 1.5.8 can lead to theme deletion...

CVSS 5.4 · AI score 6.1 · EPSS 0.00228
Exploits 0 · References 1

Positive Technologies
added 2023/02/28 12:00 a.m. · 5 views

PT-2023-19337 · Wpdevart · Wpdevart Responsive Vertical Icon Menu Plugin

Name of the Vulnerable Software and Affected Versions: wpdevart Responsive Vertical Icon Menu plugin version 1.5.8 and earlier
Description: A Cross-Site Request Forgery (CSRF) issue in the wpdevart Responsive Vertical Icon Menu plugin can lead to theme deletion.
Recommendations: For versions 1.5.8...

CVSS 5.4 · AI score 5.5 · EPSS 0.00228
Exploits 0 · References 4

Positive Technologies
added 2023/02/17 12:00 a.m. · 3 views

PT-2023-19549 · Wpdevart · Wpdevart Booking Calendar

Name of the Vulnerable Software and Affected Versions: WpDevArt Booking calendar, Appointment Booking System plugin versions <= 3.2.3
Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that affects plugin forms actions, including create, duplicate, edit, and delete...

CVSS 5.4 · AI score 5.4 · EPSS 0.00231
Exploits 0 · References 4

Vulnrichment
added 2023/02/13 2:32 p.m. · 6 views

CVE-2023-0177 Social Like Box and Page by WpDevArt < 0.8.41 - Contributor+ Stored XSS

The Social Like Box and Page by WpDevArt WordPress plugin before 0.8.41 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site...

AI score 5.3 · EPSS 0.00477
Exploits 2 · References 1

WPVulnDB
added 2023/01/23 12:00 a.m. · 21 views

Social Like Box and Page by WpDevArt < 0.8.41 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC wpdevartlikebox height='"...

CVSS 5.4 · AI score 5 · EPSS 0.00477
Exploits 2 · Affected Software 1

CNNVD
added 2021/08/02 12:00 a.m. · 3 views

WordPress Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...

CVSS 5.4 · AI score 5.5 · EPSS 0.0062
Exploits 1 · References 1