#web

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Rank Math SEO plugin <= 1.0.119 versions.

By Waqas Cybercriminals are posing as legitimate NFT developers and employing sophisticated tactics to deceive unsuspecting victims. This is a post from HackRead.com Read the original post: FBI warns users of NFT theft by malicious developers

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dimitar Ivanov HTTP Headers plugin <= 1.18.11 versions.

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions.

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP-buy WP Content Copy Protection & No Right Click plugin <= 3.5.5 versions.

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joseph C Dolson My Content Management plugin <= 1.7.6 versions.

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFactory WPFactory Helper plugin <= 1.5.2 versions.

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CartFlows Pro plugin <= 1.11.11 versions.

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodeBard CodeBard's Patron Button and Widgets for Patreon plugin <= 2.1.8 versions.

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in submodule of David Lingren Media Library Assistant plugin  <= 3.0.7 versions.