# wordpress

#csrf #vulnerability #web #wordpress #auth

CVE-2023-45109: WordPress WhitePage plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in ZAKSTAN WhitePage plugin <= 1.1.5 versions.

1 year ago

WordPress Core 6.3.1 XSS / DoS / Arbitrary Shortcode Execution

WordPress Core versions prior to 6.3.2 suffer from arbitrary shortcode execution, cross site scripting, denial of service, and information leakage vulnerabilities. Versions prior to 6.3.2 are vulnerable.

1 year ago

Packet Storm

CVE-2023-4995: Embed Calendly <= 3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Wordfence Intelligence

#sql #xss #vulnerability #web #dos #java #wordpress #intel #backdoor #rce #auth

The Embed Calendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'calendly' shortcode in versions up to, and including, 3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

1 year ago

CVE-2023-45107: WordPress GoodBarber plugin <= 1.0.22 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

#xss #vulnerability #web #wordpress #intel #perl #auth

Cross-Site Request Forgery (CSRF) vulnerability in GoodBarber plugin <= 1.0.22 versions.

1 year ago

CVE-2023-45108: WordPress Mailrelay plugin <= 2.1.1 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Mailrelay plugin <= 2.1.1 versions.

1 year ago

CVE-2023-39999: WordPress core < 6.3.2 - Contributor+ Comment Read on Private and Password Protected Post vulnerability - Patchstack

Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4 through 5.4.13, from 5.3 through 5.3.15, from 5.2 through 5.2.18, from 5.1 through 5.1.16, from 5.0 through 5.0.19, from 4.9 through 4.9.23, from 4.8 through 4.8.22, from 4.7 through 4.7.26, from 4.6 through 4.6.26, from 4.5 through 4.5.29, from 4.4 through 4.4.30, from 4.3 through 4.3.31, from 4.2 through 4.2.35, from 4.1 through 4.1.38.

1 year ago

#vulnerability #wordpress #auth

CVE-2023-38000: WordPress core < 6.3.2 - Contributor+ Stored XSS in Navigation Links Block vulnerability - Patchstack

Auth. Stored (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress core 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.1.3, from 6.0 through 6.0.5, from 5.9 through 5.9.7 and Gutenberg plugin <= 16.8.0 versions.

1 year ago

#xss #vulnerability #web #wordpress #auth

CVE-2023-45102: WordPress Blog Manager Light plugin <= 1.20 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Blog Manager Light plugin <= 1.20 versions.

1 year ago