Security Headlines: Latest CVEs
Tag: #wordpress
CVE-2022-44582: WordPress Apptivo Business Site CRM plugin <= 3.0.12 - Auth. Stored Cross Site Scripting (XSS) vulnerability - Patchstack

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in the Apptivo Business Site CRM plugin by Apptivo, versions <= 3.0.12. Note that on a single-site WordPress install administrators and editors hold the unfiltered_html capability and can publish script tags anyway, so admin+ and editor+ stored XSS matters mainly on multisite or where DISALLOW_UNFILTERED_HTML is set.

CVE-2023-30616: CSRF due to missing nonce verification

Form block is a WordPress plugin designed to make form creation easier. Versions prior to 1.0.2 are subject to Cross-Site Request Forgery due to a missing nonce check: because the submission handler never verifies a nonce, any website can make a visitor's browser submit a request to any form block without the visitor noticing. Users are advised to upgrade to version 1.0.2. There are no known workarounds for this vulnerability.
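As an added example (not code from the Form block plugin or from the original page), the pattern behind a missing-nonce CSRF and its fix in WordPress: the first handler below trusts any POST that reaches it; the fixed version renders a nonce with wp_nonce_field() and refuses to act unless wp_verify_nonce() accepts it. All fb_example_* names, the option and the shortcode are hypothetical.

```php
<?php
// Added example, not code from the Form block plugin or the page.
// Function, option and shortcode names (fb_example_*) are hypothetical.

// --- Vulnerable pattern: handler processes any POST that reaches it. ---
function fb_example_handle_submission_vulnerable() {
    if ( ! isset( $_POST['fb_example_message'] ) ) {
        return;
    }
    // Nothing proves this request came from a form this site rendered:
    // a form on any third-party page can POST here and it is processed.
    $message = sanitize_textarea_field( wp_unslash( $_POST['fb_example_message'] ) );
    update_option( 'fb_example_last_message', $message );
}

// --- Fixed pattern: embed a nonce in the form, verify it before acting. ---
function fb_example_render_form() {
    ob_start();
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="fb_example_submit">
        <?php wp_nonce_field( 'fb_example_submit', 'fb_example_nonce' ); ?>
        <textarea name="fb_example_message"></textarea>
        <button type="submit">Send</button>
    </form>
    <?php
    return ob_get_clean();
}

function fb_example_handle_submission_fixed() {
    // wp_verify_nonce() returns false unless the token was issued by this
    // site for this action within the nonce lifetime (default 12-24 hours).
    $nonce = isset( $_POST['fb_example_nonce'] )
        ? sanitize_text_field( wp_unslash( $_POST['fb_example_nonce'] ) )
        : '';
    if ( ! wp_verify_nonce( $nonce, 'fb_example_submit' ) ) {
        wp_die( 'Invalid request.', 'Forbidden', array( 'response' => 403 ) );
    }
    $message = sanitize_textarea_field( wp_unslash( $_POST['fb_example_message'] ?? '' ) );
    update_option( 'fb_example_last_message', $message );
    wp_safe_redirect( wp_get_referer() ?: home_url( '/' ) );
    exit;
}

// admin-post.php dispatches on the "action" field; the nopriv hook serves
// logged-out visitors, so public forms go through the same nonce check.
add_action( 'admin_post_fb_example_submit', 'fb_example_handle_submission_fixed' );
add_action( 'admin_post_nopriv_fb_example_submit', 'fb_example_handle_submission_fixed' );
add_shortcode( 'fb_example_form', 'fb_example_render_form' );
```

One caveat for public forms: for logged-out visitors WordPress derives the nonce from user ID 0 and an empty session token, so every anonymous visitor shares the same nonce within a tick. That still stops blind cross-site submissions, but an attacker who fetches the form first can reuse the token, so anti-spam for anonymous forms needs more than a nonce.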

WordPress PowerPress 10.0 Cross Site Scripting

WordPress PowerPress plugin versions 10.0 and below suffer from a persistent cross site scripting vulnerability.

CVE-2014-125099: Release 3.7.3: Fixed a Possible SQL injection vulnerability reported by [Oskar Adin]… · wp-plugins/i-recommend-this

A SQL injection vulnerability, classified as critical, has been found in the I Recommend This plugin for WordPress up to version 3.7.2. It affects an unknown function in the file dot-irecommendthis.php: manipulation of its input leads to SQL injection, and the attack can be launched remotely. Upgrading to version 3.7.3 addresses the issue; the fixing commit is 058b3ef5c7577bf557557904a53ecc8599b13649. The identifier VDB-226309 was assigned to this vulnerability.
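The advisory does not say which query was affected, so as an added example (not code from I Recommend This or from the page) here is the class of bug a "recommend this post" counter typically has, string-built SQL from request input, beside the $wpdb->prepare() form that fixes it. The irt_example_* names and the irt_example_recommendations table are hypothetical.

```php
<?php
// Added example, not code from the I Recommend This plugin or the page.
// Function names (irt_example_*) and the table name are hypothetical.

// --- Vulnerable pattern: untrusted request input concatenated into SQL. ---
function irt_example_count_vulnerable() {
    global $wpdb;
    // $_POST['post_id'] is attacker-controlled; a value such as
    // "1 OR 1=1" or a UNION SELECT becomes part of the query text.
    $post_id = $_POST['post_id'];
    $table   = $wpdb->prefix . 'irt_example_recommendations';
    return (int) $wpdb->get_var(
        "SELECT COUNT(*) FROM {$table} WHERE post_id = " . $post_id
    );
}

// --- Fixed pattern: validate the type, then bind with $wpdb->prepare(). ---
function irt_example_count_fixed( $post_id ) {
    global $wpdb;
    $post_id = absint( $post_id ); // integer-only input
    if ( 0 === $post_id || ! get_post( $post_id ) ) {
        return 0;
    }
    $table = $wpdb->prefix . 'irt_example_recommendations';
    // %d is a bound placeholder. The table name comes from $wpdb->prefix,
    // never from request data, which is why interpolating it is acceptable.
    $sql = $wpdb->prepare(
        "SELECT COUNT(*) FROM {$table} WHERE post_id = %d",
        $post_id
    );
    return (int) $wpdb->get_var( $sql );
}

function irt_example_record_fixed( $post_id, $visitor_hash ) {
    global $wpdb;
    $post_id = absint( $post_id );
    if ( 0 === $post_id ) {
        return false;
    }
    // $wpdb->insert() escapes the values; the format array fixes column types.
    return (bool) $wpdb->insert(
        $wpdb->prefix . 'irt_example_recommendations',
        array(
            'post_id'      => $post_id,
            'visitor_hash' => substr( sanitize_text_field( $visitor_hash ), 0, 64 ),
            'created'      => current_time( 'mysql' ),
        ),
        array( '%d', '%s', '%s' )
    );
}

// AJAX endpoint (admin-ajax.php?action=irt_example_recommend), reachable by
// logged-in and anonymous visitors: check the nonce, then use the fixed functions.
function irt_example_ajax_recommend() {
    check_ajax_referer( 'irt_example_recommend', 'nonce' );
    $post_id      = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    $visitor_hash = wp_hash( $_SERVER['REMOTE_ADDR'] ?? '' );
    irt_example_record_fixed( $post_id, $visitor_hash );
    wp_send_json_success( array( 'count' => irt_example_count_fixed( $post_id ) ) );
}
add_action( 'wp_ajax_irt_example_recommend', 'irt_example_ajax_recommend' );
add_action( 'wp_ajax_nopriv_irt_example_recommend', 'irt_example_ajax_recommend' );
```

The absint() cast alone would already defeat injection for an integer column; prepare() is still used so the query stays safe if the column type or the input handling changes later.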

CVE-2023-2170: Diff [2774153:2868795] for simple-tags/trunk – WordPress Plugin Repository

The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Related Posts functionality in versions up to, and including, 3.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Editor+ permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
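The stored and reflected XSS entries on this page share one root cause, values emitted without escaping for the context they land in. As an added example (not code from TaxoPress or any plugin listed here), a "related posts" widget with an editor-configured heading and a reflected search parameter is shown first in the unsanitized, unescaped form and then with sanitize-on-input and escape-on-output. All tp_example_* names, options and the shortcode are hypothetical.

```php
<?php
// Added example, not code from TaxoPress or any plugin on this page.
// Names prefixed tp_example_ are hypothetical.

// --- Saving the setting. Vulnerable: raw request value stored verbatim. ---
function tp_example_save_heading_vulnerable() {
    // "<img src=x onerror=alert(1)>" is stored exactly as submitted.
    update_option( 'tp_example_heading', $_POST['heading'] );
}

// Fixed: capability and nonce checks, then sanitize to the type the field
// holds (plain text). Sanitizing on save is defence in depth; the escaping
// at output below is what actually prevents execution.
function tp_example_save_heading_fixed() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', 'Forbidden', array( 'response' => 403 ) );
    }
    check_admin_referer( 'tp_example_save_heading' );
    $heading = sanitize_text_field( wp_unslash( $_POST['heading'] ?? '' ) );
    update_option( 'tp_example_heading', $heading );
}

// --- Rendering. Vulnerable: stored and reflected values echoed unescaped. ---
function tp_example_render_vulnerable( array $related_post_ids ) {
    $html  = '<h3>' . get_option( 'tp_example_heading' ) . '</h3>';   // stored XSS
    $html .= '<p>Related to "' . ( $_GET['q'] ?? '' ) . '"</p>';       // reflected XSS
    $html .= '<ul>';
    foreach ( $related_post_ids as $id ) {
        $html .= '<li><a href="' . get_permalink( $id ) . '">' . get_the_title( $id ) . '</a></li>';
    }
    return $html . '</ul>';
}

// Fixed: escape each value for the context it is written into, at output time.
function tp_example_render_fixed( array $related_post_ids ) {
    $heading = get_option( 'tp_example_heading', 'Related posts' );
    $query   = isset( $_GET['q'] ) ? sanitize_text_field( wp_unslash( $_GET['q'] ) ) : '';

    $html = '<h3>' . esc_html( $heading ) . '</h3>';                   // HTML text context
    if ( '' !== $query ) {
        $html .= '<p>Related to "' . esc_html( $query ) . '"</p>';
    }
    $html .= '<ul>';
    foreach ( array_map( 'absint', $related_post_ids ) as $id ) {
        $post = get_post( $id );
        if ( ! $post || 'publish' !== $post->post_status ) {
            continue;
        }
        $html .= sprintf(
            '<li><a href="%s" title="%s">%s</a></li>',
            esc_url( get_permalink( $post ) ),   // URL context: rejects javascript: and similar
            esc_attr( get_the_title( $post ) ),  // attribute context
            esc_html( get_the_title( $post ) )   // text context
        );
    }
    return $html . '</ul>';
}

// Where a setting is meant to carry limited markup, allow only post-safe
// tags instead of echoing raw HTML.
function tp_example_render_footer_fixed() {
    return wp_kses_post( get_option( 'tp_example_footer', '' ) );
}

add_shortcode( 'tp_example_related', function ( $atts ) {
    $ids = array_map( 'absint', explode( ',', $atts['ids'] ?? '' ) );
    return tp_example_render_fixed( $ids );
} );
```

get_the_title() is not HTML-escaped by core (the the_title filter only texturizes it), so it needs esc_attr()/esc_html() like any other value; the one context the esc_* helpers do not cover is inline JavaScript, where wp_json_encode() should be used instead.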

WordPress Weaver Xtreme 5.0.7 / Weaver Show Posts 1.6 Cross Site Scripting

WordPress Weaver Xtreme theme versions 5.0.7 and below and Weaver Show Posts plugin versions 1.6 and below suffer from a persistent cross site scripting vulnerability.

CVE-2022-45836: WordPress Download Manager plugin <= 3.2.59 - Reflected Cross-Site Scripting (XSS) vulnerability - Patchstack

Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in the Download Manager plugin by W3 Eden, Inc., versions <= 3.2.59.

CVE-2022-44632: WordPress Content Repeater plugin <= 1.1.13 - Auth. Stored Cross-Site Scripting (XSS) vulnerability - Patchstack

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in the Content Repeater – Custom Posts Simplified plugin by Denis Buka, versions <= 1.1.13.

CVE-2022-45838: WordPress ARForms Form Builder plugin <= 1.5.5 - Unauth. Stored Cross-Site Scripting (XSS) vulnerability - Patchstack

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in the ARForms Form Builder plugin by Repute InfoSystems, versions <= 1.5.5.

CVE-2022-45839: WordPress WHA Puzzle plugin <= 1.0.9 - Auth. Stored Cross-Site Scripting (XSS) vulnerability - Patchstack

Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in the WHA Puzzle plugin by WHA, versions <= 1.0.9.