Search Results
- Results Type: Overview
- Keyword (text search): Wordpress
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-0816 | The Formidable Forms WordPress plugin before 6.1 uses several potentially untrusted headers to determine the IP address of the client, leading to IP Address spoofing and bypass of anti-spam protections. Published: March 27, 2023; 12:15:09 PM -0400 | V3.1: 6.5 MEDIUM V2.0: (not available) |
CVE-2023-0660 | The Smart Slider 3 WordPress plugin before 3.5.1.14 does not properly validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Published: March 27, 2023; 12:15:09 PM -0400 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2023-0589 | The WP Image Carousel WordPress plugin through 1.0.2 does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks. Published: March 27, 2023; 12:15:09 PM -0400 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2023-0505 | The Ever Compare WordPress plugin through 1.2.3 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack Published: March 27, 2023; 12:15:09 PM -0400 | V3.1: 4.3 MEDIUM V2.0: (not available) |
CVE-2023-0504 | The HT Politic WordPress plugin before 2.3.8 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack Published: March 27, 2023; 12:15:09 PM -0400 | V3.1: 4.3 MEDIUM V2.0: (not available) |
CVE-2023-0503 | The Free WooCommerce Theme 99fy Extension WordPress plugin before 1.2.8 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack Published: March 27, 2023; 12:15:08 PM -0400 | V3.1: 4.3 MEDIUM V2.0: (not available) |
CVE-2023-0502 | The WP News WordPress plugin through 1.1.9 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack Published: March 27, 2023; 12:15:08 PM -0400 | V3.1: 6.5 MEDIUM V2.0: (not available) |
CVE-2023-0501 | The WP Insurance WordPress plugin before 2.1.4 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack Published: March 27, 2023; 12:15:08 PM -0400 | V3.1: 6.5 MEDIUM V2.0: (not available) |
CVE-2023-0500 | The WP Film Studio WordPress plugin before 1.3.5 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack Published: March 27, 2023; 12:15:08 PM -0400 | V3.1: 6.5 MEDIUM V2.0: (not available) |
CVE-2023-0499 | The QuickSwish WordPress plugin before 1.1.0 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack Published: March 27, 2023; 12:15:08 PM -0400 | V3.1: 4.3 MEDIUM V2.0: (not available) |
CVE-2023-0498 | The WP Education WordPress plugin before 1.2.7 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack Published: March 27, 2023; 12:15:08 PM -0400 | V3.1: 4.3 MEDIUM V2.0: (not available) |
CVE-2023-0497 | The HT Portfolio WordPress plugin before 1.1.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack Published: March 27, 2023; 12:15:08 PM -0400 | V3.1: 4.3 MEDIUM V2.0: (not available) |
CVE-2023-0496 | The HT Event WordPress plugin before 1.4.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack Published: March 27, 2023; 12:15:08 PM -0400 | V3.1: 4.3 MEDIUM V2.0: (not available) |
CVE-2023-0495 | The HT Slider For Elementor WordPress plugin before 1.4.0 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack Published: March 27, 2023; 12:15:08 PM -0400 | V3.1: 4.3 MEDIUM V2.0: (not available) |
CVE-2023-0491 | The Schedulicity WordPress plugin through 2.21 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Published: March 27, 2023; 12:15:08 PM -0400 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2023-0484 | The Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks WordPress plugin before 1.1.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack Published: March 27, 2023; 12:15:08 PM -0400 | V3.1: 4.3 MEDIUM V2.0: (not available) |
CVE-2023-0467 | The WP Dark Mode WordPress plugin before 4.0.8 does not properly sanitize the style parameter in shortcodes before using it to load a PHP template. This leads to Local File Inclusion on servers where non-existent directories may be traversed, or when chained with another vulnerability allowing arbitrary directory creation. Published: March 27, 2023; 12:15:08 PM -0400 | V3.1: 4.3 MEDIUM V2.0: (not available) |
CVE-2023-0441 | The Gallery Blocks with Lightbox WordPress plugin before 3.0.8 has an AJAX endpoint that can be accessed by any authenticated users, such as subscriber. The callback function allows numerous actions, the most serious one being reading and updating the WordPress options which could be used to enable registration with a default administrator user role. Published: March 27, 2023; 12:15:08 PM -0400 | V3.1: 8.1 HIGH V2.0: (not available) |
CVE-2023-0395 | The menu shortcode WordPress plugin through 1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Published: March 27, 2023; 12:15:08 PM -0400 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2023-0336 | The OoohBoi Steroids for Elementor WordPress plugin before 2.1.5 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber to delete attachment. Published: March 27, 2023; 12:15:08 PM -0400 | V3.1: 6.5 MEDIUM V2.0: (not available) |