Security
Headlines
HeadlinesLatestCVEs

Tag

#wordpress

CVE-2016-10878: WordPress Plugin for Google Maps – WP MAPS

The wp-google-map-plugin plugin before 3.1.2 for WordPress has XSS.

CVE
#sql#xss#csrf#vulnerability#web#google#js#git#wordpress#php#ssl
CVE-2019-14948

The woocommerce-product-addon plugin before 18.4 for WordPress has XSS via an import of a new meta data structure.

CVE-2019-14787: Newsletters

The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newsletters_load_new_editor contentarea parameter.

CVE-2019-14792

The WP Google Maps plugin before 7.11.35 for WordPress allows XSS via the wp-admin/ rectangle_name or rectangle_opacity parameter.

CVE-2019-14683: Import and export users and customers

The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF.

CVE-2019-14774

The woo-variation-swatches (aka Variation Swatches for WooCommerce) plugin 1.0.61 for WordPress allows XSS via the wp-admin/admin.php?page=woo-variation-swatches-settings tab parameter.