Security
Headlines
HeadlinesLatestCVEs

Tag

#wordpress

CVE-2023-23889: WordPress Quick Paypal Payments plugin <= 5.7.25 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions.

CVE
Open in Source
#xss#vulnerability#web#wordpress#auth
CVE-2023-25485: WordPress JSON Content Importer plugin <= 1.3.15 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bernhard Kux JSON Content Importer plugin <= 1.3.15 versions.

CVE-2023-25793: WordPress Link Juice Keeper plugin <= 2.0.2 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in George Pattihis Link Juice Keeper plugin <= 2.0.2 versions.

A Security Team Is Turning This Malware Gang’s Tricks Against It

The cybercriminals behind the Gootloader malware have found clever ways to avoid detection. But researchers are using those same mechanisms to stop them.

CVE-2023-25484: WordPress Simple Yearly Archive plugin <= 2.1.8 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Oliver Schlöbe Simple Yearly Archive plugin <= 2.1.8 versions.

CVE-2022-47608: WordPress Quick Contact Form plugin <= 8.0.3.1 - Cross Site Scripting (XSS) - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Contact Form plugin <= 8.0.3.1 versions.

WordPress Shield Security 17.0.17 Cross Site Scripting / Missing Authorization

WordPress Shield Security Smart Bot Blocking and Intrusion Prevention plugin versions 17.0.17 and below suffer from cross site scripting and missing authorization vulnerabilities.

CVE-2023-27619: WordPress Regina Lite theme <= 2.0.7 - Reflected Cross Site Scripting (XSS) - Patchstack

Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Macho Themes Regina Lite theme <= 2.0.7 versions.

CVE-2023-25710: WordPress Click to Call or Chat Buttons plugin <= 1.4.0 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DIGITALBLUE Click to Call or Chat Buttons plugin <= 1.4.0 versions.

CVE-2023-25490: WordPress Archivist – Custom Archive Templates plugin <= 1.7.4 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eric Teubert Archivist – Custom Archive Templates plugin <= 1.7.4 versions.