Security
Headlines
HeadlinesLatestCVEs

Tag

#wordpress

CVE-2023-47695: WordPress Shortcodes Finder plugin <= 1.5.3 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Scribit Shortcodes Finder plugin <= 1.5.3 versions.

CVE
Open in Source
#xss#vulnerability#web#wordpress#auth
CVE-2023-47690: WordPress Additional Order Filters for WooCommerce plugin <= 1.10 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Anton Bond Additional Order Filters for WooCommerce plugin <= 1.10 versions.

CVE-2023-4603: Star CloudPRNT for WooCommerce <= 2.0.3 - Reflected Cross-Site Scripting — Wordfence Intelligence

The Star CloudPRNT for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'printersettings' parameter in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVE-2023-32123: WordPress The7 — Website and eCommerce Builder for WordPress theme <= 11.7.3 - Cross-Site Request Forgery (CSRF) - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Dream-Theme The7 allows Stored XSS.This issue affects The7: from n/a through 11.7.3.

CVE-2023-31230: WordPress Baidu Tongji generator plugin <= 1.0.2 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Haoqisir Baidu Tongji generator allows Stored XSS.This issue affects Baidu Tongji generator: from n/a through 1.0.2.

CVE-2023-35877: WordPress Extra User Details plugin <= 0.5 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Vadym K. Extra User Details allows Stored XSS.This issue affects Extra User Details: from n/a through 0.5.

CVE-2023-39166: WordPress tagDiv Composer plugin < 4.4 - CSRF to XSS vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in tagDiv tagDiv Composer allows Cross-Site Scripting (XSS).This issue affects tagDiv Composer: from n/a before 4.4.

CVE-2023-40335: WordPress Cleverwise Daily Quotes plugin <= 3.2 - Cross Site Scripting (XSS) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Jeremy O'Connell Cleverwise Daily Quotes allows Stored XSS.This issue affects Cleverwise Daily Quotes: from n/a through 3.2.

CVE-2023-46092: WordPress Webmaster Tools plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in LionScripts.Com Webmaster Tools allows Stored XSS.This issue affects Webmaster Tools: from n/a through 2.0.

CVE-2023-4775: Advanced iFrame <= 2023.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Wordfence Intelligence

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'advanced_iframe' shortcode in versions up to, and including, 2023.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.