190 matches found
Cross-site request forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions affects plugin form actions (create, duplicate, edit, delete)...
CVE-2023-24388
The CVE-2023-24388 entry affects the WpDevArt Booking calendar, Appointment Booking System plugin for WordPress, specifically versions <= 3.2.3. The root cause is a Cross-Site Request Forgery (CSRF) vulnerability impacting plugin form actions (create, duplicate, edit, delete). Several connecte...
CVE-2023-24388 WordPress Booking calendar, Appointment Booking System Plugin <= 3.2.3 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions affects plugin form actions (create, duplicate, edit, delete)...
PT-2023-19549 · Wpdevart · Wpdevart Booking Calendar
Name of the Vulnerable Software and Affected Versions: WpDevArt Booking calendar, Appointment Booking System plugin versions <= 3.2.3. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that affects plugin form actions, including create, duplicate, edit, and delete...
CVE-2023-0177 Social Like Box and Page by WpDevArt < 0.8.41 - Contributor+ Stored XSS
The Social Like Box and Page by WpDevArt WordPress plugin before 0.8.41 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site...
CVE-2023-0177 Social Like Box and Page by WpDevArt < 0.8.41 - Contributor+ Stored XSS
The Social Like Box and Page by WpDevArt WordPress plugin before 0.8.41 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site...
WordPress plugin Social Like Box and Page by WpDevArt cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
Social Like Box and Page by WpDevArt < 0.8.41 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC wpdevartlikebox height='"...
WordPress YouTube Embed, Playlist and Popup by WpDevArt Plugin <= 2.6.3 is vulnerable to Cross Site Scripting (XSS)
Software: YouTube Embed, Playlist and Popup by WpDevArt; Type: Plugin; Vulnerable versions: <= 2.6.3; Fixed in: 2.6.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-24002; Patch priority: Low; CVSS severity: Low (5.9); PSID: b671b670100b...
Social Like Box and Page by WpDevArt < 0.8.41 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. wpdevartlikebox height='"...
Social Like Box and Page by WpDevArt < 0.8.40 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its select elements, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
WordPress Social Like Box and Page by WpDevArt Plugin <= 0.8.39 is vulnerable to Cross Site Scripting (XSS)
Software: Social Like Box and Page by WpDevArt; Type: Plugin; Vulnerable versions: <= 0.8.39; Fixed in: 0.8.40; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-23972; Patch priority: Low; CVSS severity: Low (5.9); PSID: 64595d0f3f2d; Credits...
CVE-2022-34656
The CVE-2022-34656 entry concerns the WordPress plugin “wpdevart Poll, Survey, Questionnaire and Voting system” (versions
CVE-2022-34656 WordPress Poll, Survey, Questionnaire and Voting system plugin <= 1.7.4 - Authenticated Cross-Site Scripting (XSS) vulnerability
Authenticated (admin+) Cross-Site Scripting (XSS) vulnerability in wpdevart Poll, Survey, Questionnaire and Voting system plugin <= 1.7.4 at WordPress...
WordPress plugin wpdevart Poll, Survey, Questionnaire and Voting system cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2022-22274 · WordPress · Wpdevart Poll
Name of the Vulnerable Software and Affected Versions: wpdevart Poll, Survey, Questionnaire and Voting system plugin versions <= 1.7.4. Description: The issue is an Authenticated Cross-Site Scripting (XSS) vulnerability. It affects the wpdevart Poll, Survey, Questionnaire and Voting system plugin at...
CVE-2022-0876
The Social comments by WpDevArt WordPress plugin before 2.5.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...
CVE-2022-0876
The Social comments by WpDevArt WordPress plugin before 2.5.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...
Cross-site scripting
The Social comments by WpDevArt WordPress plugin before 2.5.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...
CVE-2022-0876 Social comments by WpDevArt < 2.5.0 - Admin+ Stored Cross-Site Scripting
The Social comments by WpDevArt WordPress plugin before 2.5.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...