Security
Headlines
HeadlinesLatestCVEs

Source

CVE

CVE-2023-45772: WordPress Proofreading plugin <= 1.0.11 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Scribit Proofreading plugin <= 1.0.11 versions.

CVE
Open in Source
#xss#vulnerability#web#wordpress#auth
CVE-2023-45758: WordPress Amministrazione Trasparente plugin <= 8.0.2 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Milesi Amministrazione Trasparente plugin <= 8.0.2 versions.

CVE-2023-45764: WordPress Scroll post excerpt plugin <= 8.0 - Cross Site Scripting (XSS) - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Scroll post excerpt plugin <= 8.0 versions.

CVE-2023-45769: WordPress WP Report Post plugin <= 2.1.2 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alex Raven WP Report Post plugin <= 2.1.2 versions.

CVE-2023-45768: WordPress Next Page plugin <= 1.5.2 - Cross Site Scripting (XSS) - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Stephanie Leary Next Page plugin <= 1.5.2 versions.

CVE-2023-45761: WordPress Sendle Shipping plugin <= 5.14 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Joovii Sendle Shipping Plugin plugin <= 5.13 versions.

CVE-2023-45770: WordPress Fast WP Speed plugin <= 1.0.0 - Reflected Cross-Site Scripting vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fastwpspeed Fast WP Speed plugin <= 1.0.0 versions.

CVE-2023-45960: GitHub - joker-xiaoyan/XXE-SAXReader

** DISPUTED ** An issue in dom4.j org.dom4.io.SAXReader v.2.1.4 and before allows a remote attacker to obtain sensitive information via the setFeature function. NOTE: the vendor and original reporter indicate that this is not a vulnerability because setFeature only sets features, which "can be safe in one case and unsafe in another."

CVE-2023-46543: Digging/TOTOLINK/X2000R/16/1.md at main · XYIYM/Digging

TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWlSiteSurvey.

CVE-2023-46545: Digging/TOTOLINK/X2000R/17/1.md at main · XYIYM/Digging

TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWsc.