Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2023-29094: WordPress Product page shipping calculator for WooCommerce plugin <= 1.3.20 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in PI Websolution Product page shipping calculator for WooCommerce plugin <= 1.3.20 versions.

CVE
#xss#vulnerability#web#wordpress#auth
CVE-2023-25712: WordPress Opt-Out for Google Analytics plugin <= 2.3.4 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP-Buddy Google Analytics Opt-Out plugin <= 2.3.4 versions.

CVE-2023-25711: WordPress WPGlobus Translate Options plugin <= 2.1.0 - Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPGlobus WPGlobus Translate Options plugin <= 2.1.0 versions.

CVE-2023-25702: WordPress Quick Paypal Payments plugin <= 5.7.25 - Cross Site Scripting (XSS) - Patchstack

Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions.

CVE-2023-25464: WordPress Twitch Player plugin <= 2.1.0 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in StreamWeasels Twitch Player plugin <= 2.1.0 versions.

CVE-2023-25713: WordPress Quick Paypal Payments plugin <= 5.7.25 - Cross Site Scripting (XSS) - Patchstack

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions.

CVE-2023-25705: WordPress WP Prayer plugin <= 1.9.6 - Cross Site Scripting (XSS) - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Go Prayer WP Prayer plugin <= 1.9.6 versions.

CVE-2023-1726

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Proliz OBS allows Stored XSS for an authenticated user.This issue affects OBS: before 23.04.01.

CVE-2023-25716: WordPress Announce from the Dashboard plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gqevu6bsiz Announce from the Dashboard plugin <= 1.5.1 versions.

CVE-2023-25049: WordPress eCommerce Product Catalog Plugin for WordPress plugin <= 3.3.4 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin <= 3.3.4 versions.