Search Results
- Results Type: Overview
- Keyword (text search): Wordpress
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-28172 | Cross-Site Request Forgery (CSRF) vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS (formerly WP Google Map Plugin) plugin <= 4.4.2 versions. Published: November 12, 2023; 6:15:09 PM -0500 | V3.1: 8.8 HIGH; V2.0: (not available) |
CVE-2023-29428 | Cross-Site Request Forgery (CSRF) vulnerability in SuPlugins Superb Social Media Share Buttons and Follow Buttons for WordPress plugin <= 1.1.3 versions. Published: November 10, 2023; 9:15:35 AM -0500 | V3.1: 8.8 HIGH; V2.0: (not available) |
CVE-2023-32739 | Cross-Site Request Forgery (CSRF) vulnerability in Web_Trendy WP Custom Cursors \| WordPress Cursor Plugin plugin < 3.2 versions. Published: November 09, 2023; 4:15:24 PM -0500 | V3.1: 8.8 HIGH; V2.0: (not available) |
CVE-2023-47238 | Cross-Site Request Forgery (CSRF) vulnerability in WebberZone Top 10 – WordPress Popular posts by WebberZone plugin <= 3.3.2 versions. Published: November 09, 2023; 2:15:08 PM -0500 | V3.1: 8.8 HIGH; V2.0: (not available) |
CVE-2023-46627 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ashish Ajani WordPress Simple HTML Sitemap plugin <= 2.1 versions. Published: November 08, 2023; 11:15:10 AM -0500 | V3.1: 6.1 MEDIUM; V2.0: (not available) |
CVE-2023-5982 | The UpdraftPlus: WordPress Backup & Migration Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23.10. This is due to a lack of nonce validation and insufficient validation of the instance_id on the 'updraftmethod-googledrive-auth' action used to update Google Drive remote storage location. This makes it possible for unauthenticated attackers to modify the Google Drive location that backups are sent to via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This can make it possible for attackers to receive backups for a site which may contain sensitive information. Published: November 07, 2023; 4:15:14 PM -0500 | V3.1: 5.4 MEDIUM; V2.0: (not available) |
CVE-2023-5819 | The Amazonify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. However, please note that this can also be combined with CVE-2023-5818 for CSRF to XSS. Published: November 07, 2023; 3:15:09 PM -0500 | V3.1: 4.8 MEDIUM; V2.0: (not available) |
CVE-2023-5818 | The Amazonify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8.1. This is due to missing or incorrect nonce validation on the amazonifyOptionsPage() function. This makes it possible for unauthenticated attackers to update the plugin's settings, including the Amazon Tracking ID, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Published: November 07, 2023; 3:15:09 PM -0500 | V3.1: 4.3 MEDIUM; V2.0: (not available) |
CVE-2023-41798 | Improper Neutralization of Formula Elements in a CSV File vulnerability in wpWax Directorist – WordPress Business Directory Plugin with Classified Ads Listing. This issue affects Directorist – WordPress Business Directory Plugin with Classified Ads Listings: from n/a through 7.7.1. Published: November 07, 2023; 1:15:08 PM -0500 | V3.1: 8.8 HIGH; V2.0: (not available) |
CVE-2022-47181 | Cross-Site Request Forgery (CSRF) vulnerability in wpexpertsio Email Templates Customizer and Designer for WordPress and WooCommerce email-templates allows Cross Site Request Forgery. This issue affects Email Templates Customizer and Designer for WordPress and WooCommerce: from n/a through 1.4.2. Published: November 07, 2023; 1:15:08 PM -0500 | V3.1: 8.8 HIGH; V2.0: (not available) |
CVE-2022-45810 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Icegram Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce. This issue affects Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce: from n/a through 5.5.2. Published: November 07, 2023; 12:15:08 PM -0500 | V3.1: 9.8 CRITICAL; V2.0: (not available) |
CVE-2022-45370 | Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee WordPress Comments Import & Export. This issue affects WordPress Comments Import & Export: from n/a through 2.3.1. Published: November 07, 2023; 12:15:08 PM -0500 | V3.1: 9.8 CRITICAL; V2.0: (not available) |
CVE-2023-5709 | The WD WidgetTwitter plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Published: November 07, 2023; 7:15:13 AM -0500 | V3.1: 6.5 MEDIUM; V2.0: (not available) |
CVE-2023-5703 | The Gift Up Gift Cards for WordPress and WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'giftup' shortcode in all versions up to, and including, 2.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: November 07, 2023; 7:15:13 AM -0500 | V3.1: 5.4 MEDIUM; V2.0: (not available) |
CVE-2023-5669 | The Featured Image Caption plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and post meta in all versions up to, and including, 0.8.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: November 07, 2023; 7:15:13 AM -0500 | V3.1: 5.4 MEDIUM; V2.0: (not available) |
CVE-2023-5661 | The Social Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'socialfeed' shortcode in all versions up to, and including, 1.5.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with author-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: November 07, 2023; 7:15:13 AM -0500 | V3.1: 5.4 MEDIUM; V2.0: (not available) |
CVE-2023-5660 | The SendPress Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.22.3.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: November 07, 2023; 7:15:13 AM -0500 | V3.1: 5.4 MEDIUM; V2.0: (not available) |
CVE-2023-5659 | The Interact: Embed A Quiz On Your Site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'interact-quiz' shortcode in all versions up to, and including, 3.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: November 07, 2023; 7:15:13 AM -0500 | V3.1: 5.4 MEDIUM; V2.0: (not available) |
CVE-2023-5577 | The Bitly's plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpbitly' shortcode in all versions up to, and including, 2.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: November 07, 2023; 7:15:12 AM -0500 | V3.1: 5.4 MEDIUM; V2.0: (not available) |
CVE-2023-5567 | The QR Code Tag plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'qrcodetag' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: November 07, 2023; 7:15:12 AM -0500 | V3.1: 5.4 MEDIUM; V2.0: (not available) |