Security
Headlines
HeadlinesLatestCVEs

Tag

#wordpress

CVE-2023-3213: WP Mail SMTP Pro <= 3.8.0 - Missing Authorization to Information Dislcosure via is_print_page — Wordfence Intelligence

The WP Mail SMTP Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_print_page function in versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to disclose potentially sensitive email information.

CVE
#vulnerability#wordpress#intel#perl#auth
CVE-2023-5291: Changeset 2974261 for blog-filter – WordPress Plugin Repository

The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'AWL-BlogFilter' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

WordPress Contact Form Generator 2.5.5 Cross Site Scripting

WordPress Contact Form Generator plugin version 2.5.5 suffers from a cross site scripting vulnerability.

WordPress KiviCare 3.2.0 Cross Site Scripting

WordPress KiviCard plugin version 3.2.0 suffers from a cross site scripting vulnerability.

CVE-2023-27435: WordPress HTTP Auth plugin <= 0.3.2 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Sami Ahmed Siddiqui HTTP Auth plugin <= 0.3.2 versions.

CVE-2023-40558: WordPress Video Gallery & Management plugin <= 3.3.5 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in eMarket Design YouTube Video Gallery by YouTube Showcase plugin <= 3.3.5 versions.

CVE-2023-41244: WordPress Localize Remote Images plugin <= 1.0.9 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Buildfail Localize Remote Images plugin <= 1.0.9 versions.

CVE-2023-39158: WordPress Banner Management For WooCommerce plugin <= 2.4.2 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Banner Management For WooCommerce plugin <= 2.4.2 versions.

CVE-2023-41693: WordPress MyCryptoCheckout plugin <= 2.125 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in edward_plainview MyCryptoCheckout plugin <= 2.125 versions.