Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2023-24392: WordPress Full Width Banner Slider Wp plugin <= 1.1.7 - Reflected Cross-Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Full Width Banner Slider Wp plugin <= 1.1.7 versions.

CVE
Open in Source
#xss#vulnerability#web#wordpress#auth
CVE-2023-24418: WordPress Tiny carousel horizontal slider plus plugin <= 3.2 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Tiny carousel horizontal slider plus plugin <= 3.2 versions.

CVE-2023-23812: WordPress Enhanced WP Contact Form plugin <= 2.2.3 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joost de Valk Enhanced WP Contact Form plugin <= 2.2.3 versions.

CVE-2023-22711: WordPress IMPress Listings plugin <= 2.6.2 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Agent Evolution IMPress Listings plugin <= 2.6.2 versions.

CVE-2023-23789: WordPress Premmerce Redirect Manager plugin <= 1.0.9 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Premmerce Premmerce Redirect Manager plugin <= 1.0.9 versions.

CVE-2023-23786: WordPress affiliate-toolkit plugin <= 3.3.3 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Christof Servit affiliate-toolkit plugin <= 3.3.3 versions.

CVE-2023-23701: WordPress Easy Sign Up plugin <= 3.4.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Andrew @ Geeenville Web Design Easy Sign Up plugin <= 3.4.1 versions.

CVE-2023-23788: WordPress Custom More Link Complete plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Florin Arjocu Custom More Link Complete plugin <= 1.4.1 versions.

CVE-2023-28932: WordPress WPMobile.App plugin <= 11.20 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPMobile.App WPMobile.App — Android and iOS Mobile Application plugin <= 11.20 versions.

GHSA-6gp6-xj27-g89q: Duplicate Advisory: Cross-site Scripting (XSS) in name field of Custom Reports

## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-m6m9-gr85-79vm. This link is maintained to preserve external references. ## Original Description Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21.