Security
Headlines
HeadlinesLatestCVEs

Tag

#wordpress

WordPress Abandoned Cart Lite For WooCommerce 5.14.2 Authentication Bypass

WordPress Abandoned Cart Lite for WooCommerce plugin versions 5.14.2 and below suffer from an authentication bypass vulnerability.

Packet Storm
Open in Source
#vulnerability#web#wordpress#intel#perl#auth
CVE-2023-35776: WordPress Sermon'e – Sermons Online plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Beplus Sermon'e – Sermons Online plugin <= 1.0.0 versions.

CVE-2023-35779: WordPress Seed Fonts plugin 2.3.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Seed Webs Seed Fonts plugin <= 2.3.1 versions.

CVE-2023-35772: WordPress Google Map Shortcode plugin <= 3.1.2 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alain Gonzalez Google Map Shortcode plugin <= 3.1.2 versions.

CVE-2023-35775: WordPress WP Backup Manager plugin <= 1.13.1 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Backup Solutions WP Backup Manager plugin <= 1.13.1 versions.

CVE-2023-34373: WordPress Zephyr Project Manager plugin <= 3.3.93 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Dylan James Zephyr Project Manager plugin <= 3.3.93 versions.

CVE-2022-46850: WordPress Easy Media Replace plugin <= 0.1.3 - Arbitrary File Deletion - Patchstack

Auth. (author+) Broken Access Control vulnerability leading to Arbitrary File Deletion in Nabil Lemsieh Easy Media Replace plugin <= 0.1.3 versions.

CVE-2023-33213: WordPress wpView plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gVectors Display Custom Fields – wpView plugin <= 1.3.0 versions.

CVE-2022-47586: WordPress Ultimate Addons for Contact Form 7 plugin <= 3.1.23 - SQL Injection - Patchstack

Unauth. SQL Injection (SQLi) vulnerability in Themefic Ultimate Addons for Contact Form 7 plugin <= 3.1.23 versions.

CVE-2023-2779

The Social Share, Social Login and Social Comments WordPress plugin before 7.13.52 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.