Security
Headlines
HeadlinesLatestCVEs

Source

CVE

CVE-2023-40680: WordPress Yoast SEO plugin <= 21.0 - Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Yoast Yoast SEO allows Stored XSS.This issue affects Yoast SEO: from n/a through 21.0.

CVE
Open in Source
#xss#vulnerability#web#wordpress
CVE-2023-40674: WordPress Simple URLs plugin <= 118 - Shortcode Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lasso Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management allows Stored XSS.This issue affects Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management: from n/a through 118.

CVE-2023-41128: WordPress WP Roadmap plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Iqonic Design WP Roadmap – Product Feedback Board allows Stored XSS.This issue affects WP Roadmap – Product Feedback Board: from n/a through 1.0.8.

CVE-2023-41127: WordPress Evergreen Content Poster plugin <= 1.3.6.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Evergreen Content Poster Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media allows Stored XSS.This issue affects Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media: from n/a through 1.3.6.1.

CVE-2023-48284: WordPress Decorator – WooCommerce Email Customizer plugin <= 1.2.7 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in WebToffee Decorator – WooCommerce Email Customizer allows Cross Site Request Forgery.This issue affects Decorator – WooCommerce Email Customizer: from n/a through 1.2.7.

CVE-2023-48283: WordPress Simple Testimonials Showcase plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Testimonials Showcase allows Cross Site Request Forgery.This issue affects Simple Testimonials Showcase: from n/a through 1.1.5.

CVE-2023-32291: WordPress MonsterInsights Pro plugin <= 8.14.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MonsterInsights Pro allows Stored XSS.This issue affects MonsterInsights Pro: from n/a through 8.14.1.

CVE-2023-38474: WordPress Campaign Monitor for WordPress plugin <= 2.8.12 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Campaign Monitor Campaign Monitor for WordPress allows Reflected XSS.This issue affects Campaign Monitor for WordPress: from n/a through 2.8.12.

CVE-2023-48282: WordPress Taxonomy filter plugin <= 2.2.9 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Andrea Landonio Taxonomy filter allows Cross Site Request Forgery.This issue affects Taxonomy filter: from n/a through 2.2.9.

CVE-2023-49733

Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue.