Security
Headlines
HeadlinesLatestCVEs

Source

CVE

CVE-2023-47839: WordPress eCommerce Product Catalog Plugin for WordPress plugin <= 3.3.26 - Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin <= 3.3.26 versions.

CVE
Open in Source
#xss#vulnerability#web#wordpress
CVE-2023-47835: WordPress ARI Stream Quiz plugin <= 1.2.32 - Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ARI Soft ARI Stream Quiz – WordPress Quizzes Builder plugin <= 1.2.32 versions.

CVE-2023-40002: WordPress Booster for WooCommerce plugin <= 7.1.1 - Authenticated Arbitrary WordPress Option Disclosure Vulnerability - Patchstack

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pluggabl LLC Booster for WooCommerce plugin <= 7.1.1 versions.

CVE-2023-47834: WordPress Quiz And Survey Master plugin <= 8.1.13 - Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ExpressTech Quiz And Survey Master plugin <= 8.1.13 versions.

CVE-2023-47833: WordPress Theater for WordPress plugin <= 0.18.3 - Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeroen Schmit Theater for WordPress plugin <= 0.18.3 versions.

CVE-2023-47790: WordPress Pz-LinkCard plugin <= 2.4.8 - Cross Site Request Forgery (CSRF) to XSS vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in Poporon Pz-LinkCard plugin <= 2.4.8 versions.

CVE-2023-47668: WordPress Restrict Content plugin <= 3.2.7 - Sensitive Data Exposure via Log File vulnerability - Patchstack

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StellarWP Membership Plugin – Restrict Content plugin <= 3.2.7 versions.

CVE-2023-23978: WordPress WP Client Reports plugin <= 1.0.16 - Subscriber+ Sensitive Data Exposure - Patchstack

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SwitchWP WP Client Reports plugin <= 1.0.16 versions.

CVE-2023-48107: Heap-buffer-overflow in mz_os.c:71 mz_path_has_slash · Issue #739 · zlib-ng/minizip-ng

Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker to execute arbitrary code via a crafted file to the mz_path_has_slash function in the mz_os.c file.

CVE-2023-48105: My bytecode.com Test Site

An heap overflow vulnerability was discovered in Bytecode alliance wasm-micro-runtime v.1.2.3 allows a remote attacker to cause a denial of service via the wasm_loader_prepare_bytecode function in core/iwasm/interpreter/wasm_loader.c.