Security
Headlines
HeadlinesLatestCVEs

Tag

#wordpress

CVE-2023-22698: WordPress Theme Blvd Responsive Google Maps plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Jason Bobich Theme Blvd Responsive Google Maps plugin <= 1.0.2 versions.

CVE
Open in Source
#xss#vulnerability#web#google#wordpress#auth
CVE-2023-22718: WordPress User Meta Manager plugin <= 3.4.9 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Reflected Cross-Site Scripting (XSS) vulnerability in Jason Lau User Meta Manager plugin <= 3.4.9 versions.

CVE-2022-44743: WordPress Jobs for WordPress plugin <= 2.5.11.2 - Auth. Stored Cross-Site Scripting (XSS) vulnerability - Patchstack

Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in BlueGlass Jobs for WordPress plugin <= 2.5.11.2 versions.

CVE-2022-44594: WordPress All in One Time Clock Lite plugin <= 1.3.320 - Auth. Stored Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Codebangers All in One Time Clock Lite plugin <= 1.3.320 versions.

CVE-2023-24386: WordPress AI Contact Us Form plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Karishma Arora AI Contact Us Form plugin <= 1.0 versions.

CVE-2023-24404: WordPress Marketing Performance plugin <= 2.0.0 - Cross Site Scripting (XSS) vulnerability - Patchstack

Reflected Cross-Site Scripting (XSS) vulnerability in VryaSage Marketing Performance plugin <= 2.0.0 versions.

CVE-2022-44631: WordPress 1app Business Forms plugin <= 1.0.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability - Patchstack

Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in 1app Technologies, Inc 1app Business Forms plugin <= 1.0.0 versions.

CVE-2022-44582: WordPress Apptivo Business Site CRM plugin <= 3.0.12 - Auth. Stored Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Apptivo Apptivo Business Site CRM plugin <= 3.0.12 versions.

CVE-2023-30616: CSRF due to missing nonce verification

Form block is a wordpress plugin designed to make form creation easier. Versions prior to 1.0.2 are subject to a Cross-Site Request Forgery due to a missing nonce check. There is potential for a Cross Site Request Forgery for all form blocks, since it allows to send requests to the forms from any website without a user noticing. Users are advised to upgrade to version 1.0.2. There are no known workarounds for this vulnerability.

WordPress PowerPress 10.0 Cross Site Scripting

WordPress PowerPress plugin versions 10.0 and below suffer from a persistent cross site scripting vulnerability.