Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2023-5161: shortcode.php in modal-window/tags/5.3.5/public – WordPress Plugin Repository

The Modal Window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE
Open in Source
#sql#xss#web#js#wordpress#php#auth
CVE-2023-5135: Simple Cloudflare Turnstile <= 1.23.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Wordfence Intelligence

The Simple Cloudflare Turnstile plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'gravity-simple-turnstile' shortcode in versions up to, and including, 1.23.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2023-5162: Options for Twenty Seventeen <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Wordfence Intelligence

The Options for Twenty Seventeen plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'social-links' shortcode in versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2023-44207

Stored cross-site scripting (XSS) vulnerability in protection plan name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.

CVE-2023-43484: Multiple vulnerabilities in WordPress plugin "Welcart e-Commerce"

Cross-site scripting vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script.

CVE-2023-41238: WordPress Social Media & Share Icons plugin <= 2.8.3 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in UltimatelySocial Social Media Share Buttons & Social Sharing Icons plugin <= 2.8.3 versions.

CVE-2023-43232: DedeBIZ下载 - DedeBIZ管理系统

A stored cross-site scripting (XSS) vulnerability in the Website column management function of DedeBIZ v6.2.11 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter.

CVE-2023-40604: WordPress Cookies by JM plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jes Madsen Cookies by JM plugin <= 1.0 versions.

CVE-2023-40665: WordPress Save as Image plugin by Pdfcrowd plugin <= 2.16.0 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pdfcrowd Save as Image plugin by Pdfcrowd plugin <= 2.16.0 versions.

CVE-2023-40605: WordPress Typing Effect plugin <= 1.3.6 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor) Cross-Site Scripting (XSS) vulnerability in 93digital Typing Effect plugin <= 1.3.6 versions.