Auth. (subscriber+) Reflected Cross-site Scripting (XSS) vulnerability in Wpazure Themes Upfrontwp theme <= 1.1 versions.

**Solution**

 No fix

Deactivate and delete. No reply from the vendor.

Dave Jong (Patchstack) discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Upfrontwp Theme. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has not been known to be fixed yet.

**No other known vulnerabilities for this plugin**Report

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-24009: WordPress Upfrontwp theme <= 1.1 - Reflected Cross-Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Creative Solutions Contact Form Generator plugin <= 2.5.5 versions.

**Solution**

 Fixed

Update the WordPress Contact Form Generator plugin to the latest available version (at least 2.6.0).

Arvandy discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Contact Form Generator Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 2.6.0.

**Other vulnerabilities in this plugin**

 0 present

 2 patched

View all

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-37988: WordPress Contact Form Generator plugin <= 2.5.5 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in brandiD Social Proof (Testimonial) Slider plugin <= 2.2.3 versions.

**Solution**

 Fixed

Update the WordPress Social Proof (Testimonial) Slider plugin to the latest available version (at least 2.2.4).

Found this useful? Thank yuyudhn for reporting this vulnerability. Buy a coffee ☕

yuyudhn discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Social Proof (Testimonial) Slider Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 2.2.4.

**No other known vulnerabilities for this plugin**Report

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-24389: WordPress Social Proof (Testimonial) Slider plugin <= 2.2.3 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Arsham Mirshah Add Posts to Pages plugin <= 1.4.1 versions.

**Solution**

 No fix

No patched version is available. No reply from the vendor.

Found this useful? Thank Lana Codes for reporting this vulnerability. Buy a coffee ☕

Lana Codes discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Add Posts to Pages Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has not been known to be fixed yet.

**No other known vulnerabilities for this plugin**Report

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-23826: WordPress Add Posts to Pages plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Catalyst Connect Catalyst Connect Zoho CRM Client Portal plugin <= 2.0.0 versions.

**Solution**

 Fixed

Update the WordPress Catalyst Connect Zoho CRM Client Portal plugin to the latest available version (at least 2.1.0).

Hoang Van Hiep - sk4rl1ghT discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Catalyst Connect Zoho CRM Client Portal Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 2.1.0.

**Other vulnerabilities in this plugin**

 0 present

 2 patched

View all

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2022-44629: WordPress Catalyst Connect Zoho CRM Client Portal plugin <= 2.0.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability - Patchstack

Unauth. Open Redirect vulnerability in Arscode Ninja Popups plugin <= 4.7.5 versions.

**Solution**

 No fix

No patched version is provided by the vendor.

Dave Jong (Patchstack) discovered and reported this Open Redirection vulnerability in WordPress Ninja Popups Plugin. This could allow a malicious actor to redirect users from one site to the other due to the redirect URL not being validated. Users could be tricked to visiting a legitimate site to then be redirected to a malicious site and cause a phishing incident. This vulnerability has not been known to be fixed yet.

**No other known vulnerabilities for this plugin**Report

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2022-27861: WordPress Ninja Popups plugin <= 4.7.5 - Unauth. Open Redirect vulnerability - Patchstack

The Realia plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.0. This is due to missing nonce validation on the 'process_change_profile_form' function. This makes it possible for unauthenticated attackers to change user email via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE-2023-4277: class-realia-post-type-user.php in realia/tags/1.4.0/includes/post-types – WordPress Plugin Repository

The Absolute Privacy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1. This is due to missing nonce validation on the 'abpr_profileShortcode' function. This makes it possible for unauthenticated attackers to change user email and password via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

1<?php2global $userdata;34/\*\*5 \* First we'll run the shortcode that displays the login form6 \* if the user isn't logged in. Otherwise it displays a logout link.7 \* This shortcode is found in Absolute Privacy's functions.php file8 \*/9echo do\_shortcode( '\[loginform\]' );1011/\*\*12 \* We'll only show any of this profile updating form if the user is logged in.13 \*/14if ( is\_user\_logged\_in() ) :15        require\_once( ABSPATH . WPINC . '/registration.php' ); //this file is needed for functions used below1617        $user\_id \= $userdata\->ID; //reassign the username variable to ensure everything is up to date18        $errors \= false;1920        if ( isset( $\_POST\['wp-submit'\] ) ) { // The form has been submitted2122                /\* Here we check for errors. We'll throw an error if the user has23                 \* left the first name, last name, or email address empty.24                 \*/25                if ( empty( $\_POST\['first\_name'\] ) || empty( $\_POST\['last\_name'\] ) || empty( $\_POST\['user\_email'\] ) ) {26                        $errors \= \_\_( 'You must enter a value for first name, last name, and email address.', 'absprivacy' );27                }282930                /\* Here we check if the user is trying to submit a new password.31                 \* We only update the password if there are no previous errors,32                 \* and if both inputted passwords match.33                 \*/34                if ( isset( $\_POST\['password'\] ) && false \=== $errors && ! empty( $\_POST\['password'\] ) ) {35                        if ( strtolower( $\_POST\['password'\] ) !== strtolower( $\_POST\['password2'\] ) || empty( $\_POST\['password2'\] ) ) {36                                $errors \= \_\_( 'Your passwords do not match.', 'absprivacy' );37                        } else {38                                wp\_set\_password( $\_POST\['password'\], $user\_id );39                        }40                }4142                if ( false \=== $errors ) { //no errors, so lets update the user43                        wp\_update\_user(44                                array(45                                     'ID'         \=> $user\_id,46                                     'first\_name' \=> htmlentities( trim( $\_POST\['first\_name'\] ) ),47                                     'last\_name'  \=> htmlentities( trim( $\_POST\['last\_name'\] ) ),48                                     'user\_email' \=> htmlentities( trim( $\_POST\['user\_email'\] ) )49                                )50                        );5152                        echo '<p class="profile\_updated"><em>' . \_\_( 'Your profile has been updated', 'absprivacy' ) . '</em></p>';53                } else {54                        echo '<p class="profile\_errors"><strong>ERROR:</strong> ' . $errors . '</p>';55                }56        }5758        $user \= new WP\_User( $user\_id ); // use this instead of $userdata so that the changes are reflected after a user updates the form59        ?>606162        <p><?php \_e( 'You may edit your profile using the form below.', 'absprivacy' ); ?></p>6364        <form name="profileform" action="" method="post">6566                <p>67                        <label for="first\_name"><?php \_e( 'First Name', 'absprivacy' ); ?></label>68                        <input type="text" name="first\_name" id="first\_name" class="input" value="<?php echo $user\->first\_name; ?>"69                               size="30" tabindex="10"/>70                </p>7172                <p>73                        <label for="last\_name"><?php \_e( 'Last Name', 'absprivacy' ); ?></label>74                        <input type="text" name="last\_name" id="last\_name" class="input" value="<?php echo $user\->last\_name; ?>"75                               size="30" tabindex="20"/>76                </p>777879                <p>80                        <label for="user\_email"><?php \_e( 'Email Address', 'absprivacy' ); ?></label>81                        <input type="text" name="user\_email" id="user\_email" class="input" value="<?php echo $user\->user\_email; ?>"82                               size="40" tabindex="30"/>83                </p>8485                <p><?php \_e( 'You may also change your password (optional).', 'absprivacy' ); ?></p>8687                <p>88                        <label for="password"><?php \_e( 'Password', 'absprivacy' ); ?></label>89                        <input type="password" name="password" id="password" class="input" value="" size="20" tabindex="40"/> <br/>90                        <label for="password2"><?php \_e( 'And Again', 'absprivacy' ); ?></label>91                        <input type="password" name="password2" id="password2" class="input" value="" size="20" tabindex="50"/>92                </p>9394                <input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="<?php \_e( 'Submit Changes', 'absprivacy' ); ?>" tabindex="100"/>95        </form>96<?php endif; ?>

CVE-2023-4276: profile_page.php in absolute-privacy/trunk – WordPress Plugin Repository

Welcome to WordPress. This is your first post. Edit or delete it, then start writing!

Welcome to WordPress. This is your first post. Edit or delete it, then start writing!

Posted

August 10, 2023

in

Uncategorized

by

admin

Tags:

**Comments****One response to “Hello world!”**

1.  A WordPress Commenter
    
    August 9, 2023
    
    Hi, this is a comment.  
    To get started with moderating, editing, and deleting comments, please visit the Comments screen in the dashboard.  
    Commenter avatars come from Gravatar.
    
    Reply
    

**Leave a Reply**

Your email address will not be published. Required fields are marked \*

Comment \*

Name \*

Email \*

Website

Save my name, email, and website in this browser for the next time I comment.

Hello world!

The FULL - Customer plugin for WordPress is vulnerable to Arbitrary File Upload via the /install-plugin REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to execute code by installing plugins from arbitrary remote locations including non-repository sources onto the site, granted they are packaged as a valid WordPress plugin.

**Description**

The FULL - Customer plugin for WordPress is vulnerable to Arbitrary File Upload via the /install-plugin REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to execute code by installing plugins from arbitrary remote locations including non-repository sources onto the site, granted they are packaged as a valid WordPress plugin.

Wordfence blocked **1,044 attacks** targeting this vulnerability in the past 24 hours.

**References**

*   plugins.trac.wordpress.org
*   plugins.trac.wordpress.org

**Share**

**1 affected software package**

Software Type

Plugin

Software Slug

full-customer (view on wordpress.org)

Patched?

No

Remediation

No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.

Affected Version

*   <= 2.2.3

This record contains material that is subject to copyright.

**Copyright 2012-2023 Defiant Inc.**

**License:** Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy. **Read more.**

**Copyright 1999-2023 The MITRE Corporation**

**License:** CVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy. **Read more.**

Have information to add, or spot any errors? Contact us at wfi-support@wordfence.com so we can make any appropriate adjustments.

All the threat data shared in this database is powered by **Wordfence Intelligence Enterprise**.  
Interested in integrating this data into your platform or network?  
Contact us now to discuss API access to our Wordfence Intelligence Enterprise Data Feeds.

Inquire Now

Want to get notified of the latest vulnerabilities that may affect your WordPress site?  
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation

Tag

#wordpress