Security
Headlines
HeadlinesLatestCVEs

Tag

#wordpress

CVE-2023-5357: Instagram for WordPress <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Wordfence Intelligence

The Instagram for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE
#xss#vulnerability#web#wordpress#intel#perl#auth
CVE-2023-3213: WP Mail SMTP Pro <= 3.8.0 - Missing Authorization to Information Dislcosure via is_print_page — Wordfence Intelligence

The WP Mail SMTP Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_print_page function in versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to disclose potentially sensitive email information.

CVE-2023-5291: Changeset 2974261 for blog-filter – WordPress Plugin Repository

The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'AWL-BlogFilter' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

WordPress Contact Form Generator 2.5.5 Cross Site Scripting

WordPress Contact Form Generator plugin version 2.5.5 suffers from a cross site scripting vulnerability.

WordPress KiviCare 3.2.0 Cross Site Scripting

WordPress KiviCard plugin version 3.2.0 suffers from a cross site scripting vulnerability.

CVE-2023-27435: WordPress HTTP Auth plugin <= 0.3.2 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Sami Ahmed Siddiqui HTTP Auth plugin <= 0.3.2 versions.

CVE-2023-40558: WordPress Video Gallery & Management plugin <= 3.3.5 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in eMarket Design YouTube Video Gallery by YouTube Showcase plugin <= 3.3.5 versions.

CVE-2023-41244: WordPress Localize Remote Images plugin <= 1.0.9 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Buildfail Localize Remote Images plugin <= 1.0.9 versions.

CVE-2023-39158: WordPress Banner Management For WooCommerce plugin <= 2.4.2 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Banner Management For WooCommerce plugin <= 2.4.2 versions.