Tag

#wordpress

CVE-2023-31218: WordPress WOLF plugin <= 1.0.6 - Cross Site Scripting (XSS) via CSRF vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.6 versions.

CVE-2023-31228: WordPress CM On Demand Search And Replace plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace plugin <= 1.3.0 versions.

CVE-2023-31094: WordPress Stock Sync for WooCommerce plugin <= 2.4.0 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Lauri Karisola / WP Trio Stock Sync for WooCommerce plugin <= 2.4.0 versions.

CVE-2023-30875: WordPress Logo Scheduler <= 1.2.0 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in All My Web Needs Logo Scheduler plugin <= 1.2.0 versions.

CVE-2023-4040: Changeset 2954934 – WordPress Plugin Repository

The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eh_callback_handler function in versions up to, and including, 3.7.9. This makes it possible for unauthenticated attackers to modify the order status of arbitrary WooCommerce orders.

CVE-2023-28690: WordPress WP BrowserUpdate plugin <= 4.5 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Steinbrecher WP BrowserUpdate plugin <= 4.5 versions.

CVE-2023-39974: AcyMailing - release security - News updates - Blog

Exposure of Sensitive Information vulnerability in AcyMailing Enterprise component for Joomla. It allows unauthorized actors to get the number of subscribers in a specific list.

CVE-2023-28783: WordPress Woocommerce Tip/Donation plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (shop manager+) Stored Cross-Site Scripting (XSS) vulnerability in PHPRADAR Woocommerce Tip/Donation plugin <= 1.2 versions.

CVE-2023-28693: WordPress Advanced Youtube Channel Pagination plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Balasaheb Bhise Advanced Youtube Channel Pagination plugin <= 1.0 versions.

CVE-2023-31072: WordPress Advanced Category Template plugin <= 0.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Praveen Goswami Advanced Category Template plugin <= 0.1 versions.