Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

CVE-2023-32966: WordPress Jazz Popups plugin <= 1.8.7 - Cross Site Request Forgery (CSRF) leading to XSS vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab Jazz Popups leads to Stored XSS.This issue affects Jazz Popups: from n/a through 1.8.7.

CVE
#xss#csrf#vulnerability#wordpress#auth
CVE-2022-42882: WordPress Simple CSV/XLS Exporter plugin <= 1.5.8 - Authenticated CSV Injection Vulnerability - Patchstack

Improper Neutralization of Formula Elements in a CSV File vulnerability in Shambix Simple CSV/XLS Exporter.This issue affects Simple CSV/XLS Exporter: from n/a through 1.5.8.

CVE-2022-47181: WordPress Email Templates plugin <= 1.4.2 - Cross Site Request Forgery (CSRF) - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in wpexpertsio Email Templates Customizer and Designer for WordPress and WooCommerce email-templates allows Cross Site Request Forgery.This issue affects Email Templates Customizer and Designer for WordPress and WooCommerce: from n/a through 1.4.2.

CVE-2023-28499: WordPress Slide Anything plugin <= 2.4.9 - iFrame Injection to Cross-Site Scripting (XSS) vulnerability - Patchstack

Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in simonpedge Slide Anything – Responsive Content / HTML Slider and Carousel plugin <= 2.4.9 versions.

CVE-2022-41616: WordPress Export Users Data CSV plugin <= 2.1 - Auth. CSV Injection vulnerability - Patchstack

Improper Neutralization of Formula Elements in a CSV File vulnerability in Kaushik Kalathiya Export Users Data CSV.This issue affects Export Users Data CSV: from n/a through 2.1.

CVE-2022-38702: WordPress WP CSV Exporter plugin <= 2.0 - Auth. CSV Injection Vulnerability - Patchstack

Improper Neutralization of Formula Elements in a CSV File vulnerability in Nakashima Masahiro WP CSV Exporter.This issue affects WP CSV Exporter: from n/a through 2.0.

CVE-2022-46801: WordPress Site Reviews plugin <= 6.2.0 - Unauth. CSV Injection vulnerability - Patchstack

Improper Neutralization of Formula Elements in a CSV File vulnerability in Paul Ryley Site Reviews.This issue affects Site Reviews: from n/a through 6.2.0.

CVE-2022-46803: WordPress Simple Newsletter Plugin – Noptin plugin <= 1.9.5 - Unauth. CSV Injection vulnerability - Patchstack

Improper Neutralization of Formula Elements in a CSV File vulnerability in Noptin Newsletter Simple Newsletter Plugin – Noptin.This issue affects Simple Newsletter Plugin – Noptin: from n/a through 1.9.5.

CVE-2022-46802: WordPress Product Reviews Import Export for WooCommerce plugin <= 1.4.8 - Unauth. CSV Injection vulnerability - Patchstack

Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee Product Reviews Import Export for WooCommerce.This issue affects Product Reviews Import Export for WooCommerce: from n/a through 1.4.8.

CVE-2023-5669: Featured Image Caption <= 0.8.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Wordfence Intelligence

The Featured Image Caption plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and post meta in all versions up to, and including, 0.8.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.