#wordpress

The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.19 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Cross-Site Request Forgery (CSRF) vulnerability in Csaba Kissi About Me 3000 widget plugin <= 2.2.6 versions.

Government and diplomatic entities in the Middle East and South Asia are the target of a new advanced persistent threat actor named GoldenJackal. Russian cybersecurity firm Kaspersky, which has been keeping tabs on the group's activities since mid-2020, characterized the adversary as both capable and stealthy. The targeting scope of the campaign is focused on Afghanistan, Azerbaijan, Iran, Iraq,

Cross-Site Request Forgery (CSRF) vulnerability in Tim Eckel Read More Excerpt Link plugin <= 1.6 versions.

Cross-Site Request Forgery (CSRF) vulnerability in Younes JFR. Advanced Database Cleaner plugin <= 3.1.1 versions.

Cross-Site Request Forgery (CSRF) vulnerability in Tim Eckel Minify HTML plugin <= 2.1.7 vulnerability.

Cross-Site Request Forgery (CSRF) vulnerability in Manoj Thulasidas Theme Tweaker plugin <= 5.20 versions.

Cross-Site Request Forgery (CSRF) vulnerability in SlickRemix Feed Them Social plugin <= 3.0.2 versions.

Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin WordPress Books Gallery plugin <= 4.4.8 versions.

Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Starter Templates plugin <= 3.1.20 versions.