Security
Headlines
HeadlinesLatestCVEs

Tag

#web

CVE-2023-33208: WordPress Cookie Monster plugin <= 1.51 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gsmith Cookie Monster plugin <= 1.51 versions.

CVE
Open in Source
#xss#vulnerability#web#wordpress#auth
CVE-2023-33317: WordPress WooCommerce Warranty Requests plugin <= 2.1.6 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Returns and Warranty Requests plugin <= 2.1.6 versions.

CVE-2023-25462: WordPress WP htaccess Control plugin <= 3.5.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP htaccess Control plugin <= 3.5.1 versions.

CVE-2023-33325: WordPress Leyka plugin <= 3.30.1 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.30.1 versions.

CVE-2023-33320: WordPress WP-Hijri plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Mohammad I. Okfie WP-Hijri plugin <= 1.5.1 versions.

CVE-2023-33210: WordPress nuajik CDN plugin <= 0.1.0 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nuajik plugin <= 0.1.0 versions.

CVE-2023-33929: WordPress Easy Admin Menu plugin <= 1.3 - Cross Site Scripting (XSS) - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joaquín Ruiz Easy Admin Menu plugin <= 1.3 versions.

Korea Blockchain Week 2023: Presenting Web3’s Leading Voices

By Owais Sultan Korea Blockchain Week 2023 brings together the most sought-after builders, enterprises, thought leaders and innovators to spark crucial… This is a post from HackRead.com Read the original post: Korea Blockchain Week 2023: Presenting Web3’s Leading Voices

CVE-2023-4600: Changelog - AffiliateWP

The AffiliateWP for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'affwp_activate_addons_page_plugin' function called via an AJAX action in versions up to, and including, 2.14.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to activate arbitrary plugins.

CVE-2023-32597: WordPress Video Gallery plugin <= 1.0.10 - Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Video Gallery plugin <= 1.0.10 versions.