Search Results
- Keyword (text search): wordpress
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-50889 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder – WordPress Page Builder allows Stored XSS. This issue affects Beaver Builder – WordPress Page Builder: from n/a through 2.7.2. Published: December 29, 2023; 7:15:45 AM -0500 | V3.1: 5.4 MEDIUM; V2.0: (not available) |
CVE-2023-50879 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WordPress.Com Editing Toolkit allows Stored XSS. This issue affects WordPress.Com Editing Toolkit: from n/a through 3.78784. Published: December 29, 2023; 7:15:44 AM -0500 | V3.1: 5.4 MEDIUM; V2.0: (not available) |
CVE-2023-52135 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WS Form WS Form LITE – Drag & Drop Contact Form Builder for WordPress. This issue affects WS Form LITE – Drag & Drop Contact Form Builder for WordPress: from n/a through 1.9.170. Published: December 29, 2023; 6:15:11 AM -0500 | V3.1: 7.2 HIGH; V2.0: (not available) |
CVE-2023-51372 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HashBar – WordPress Notification Bar allows Stored XSS. This issue affects HashBar – WordPress Notification Bar: from n/a through 1.4.1. Published: December 29, 2023; 6:15:09 AM -0500 | V3.1: 4.8 MEDIUM; V2.0: (not available) |
CVE-2023-50896 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weForms weForms – Easy Drag & Drop Contact Form Builder For WordPress allows Stored XSS. This issue affects weForms – Easy Drag & Drop Contact Form Builder For WordPress: from n/a through 1.6.17. Published: December 29, 2023; 6:15:08 AM -0500 | V3.1: 4.8 MEDIUM; V2.0: (not available) |
CVE-2022-44589 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email \| Passwordless login. This issue affects miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email \| Passwordless login: from n/a through 5.6.1. Published: December 29, 2023; 5:15:08 AM -0500 | V3.1: 7.5 HIGH; V2.0: (not available) |
CVE-2023-40606 | Improper Control of Generation of Code ('Code Injection') vulnerability in Kanban for WordPress Kanban Boards for WordPress. This issue affects Kanban Boards for WordPress: from n/a through 2.5.21. Published: December 29, 2023; 4:15:08 AM -0500 | V3.1: 7.2 HIGH; V2.0: (not available) |
CVE-2022-36399 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BoxyStudio Booked - Appointment Booking for WordPress \| Calendars. This issue affects Booked - Appointment Booking for WordPress \| Calendars: from n/a before 2.4.4. Published: December 28, 2023; 5:15:45 PM -0500 | V3.1: 7.5 HIGH; V2.0: (not available) |
CVE-2023-50845 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AyeCode - WordPress Business Directory Plugins GeoDirectory – WordPress Business Directory Plugin, or Classified Directory. This issue affects GeoDirectory – WordPress Business Directory Plugin, or Classified Directory: from n/a through 2.3.28. Published: December 28, 2023; 2:15:15 PM -0500 | V3.1: 7.2 HIGH; V2.0: (not available) |
CVE-2023-50849 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E2Pdf.Com E2Pdf – Export To Pdf Tool for WordPress. This issue affects E2Pdf – Export To Pdf Tool for WordPress: from n/a through 1.20.23. Published: December 28, 2023; 7:15:42 AM -0500 | V3.1: 7.2 HIGH; V2.0: (not available) |
CVE-2023-50856 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels & Maximize Profits. This issue affects Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels & Maximize Profits: from n/a through 2.14.3. Published: December 28, 2023; 6:15:09 AM -0500 | V3.1: 7.2 HIGH; V2.0: (not available) |
CVE-2023-27447 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in VeronaLabs WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc. This issue affects WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc: from n/a through 6.0.4. Published: December 28, 2023; 6:15:07 AM -0500 | V3.1: 7.5 HIGH; V2.0: (not available) |
CVE-2023-51501 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Undsgn Uncode - Creative & WooCommerce WordPress Theme allows Reflected XSS. This issue affects Uncode - Creative & WooCommerce WordPress Theme: from n/a through 2.8.6. Published: December 28, 2023; 5:15:09 AM -0500 | V3.1: 6.1 MEDIUM; V2.0: (not available) |
CVE-2023-50874 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Darren Cooney WordPress Infinite Scroll – Ajax Load More allows Stored XSS. This issue affects WordPress Infinite Scroll – Ajax Load More: from n/a through 6.1.0.1. Published: December 28, 2023; 5:15:08 AM -0500 | V3.1: 5.4 MEDIUM; V2.0: (not available) |
CVE-2023-51700 | Unofficial Mobile BankID Integration for WordPress lets users employ Mobile BankID to authenticate themselves on your WordPress site. Prior to 1.0.1, WP-Mobile-BankID-Integration is affected by a vulnerability classified as a Deserialization of Untrusted Data vulnerability, specifically impacting scenarios where an attacker can manipulate the database. If unauthorized actors gain access to the database, they could exploit this vulnerability to execute object injection attacks. This could lead to unauthorized code execution, data manipulation, or data exfiltration within the WordPress environment. Users of the plugin should upgrade to version 1.0.1 (or later), where the serialization and deserialization of OrderResponse objects have been switched out to an array stored as JSON. A possible workaround for users unable to upgrade immediately is to enforce stricter access controls on the database, ensuring that only trusted and authorized entities can modify data. Additionally, implementing monitoring tools to detect unusual database activities could help identify and mitigate potential exploitation attempts. Published: December 27, 2023; 1:15:23 PM -0500 | V3.1: 9.8 CRITICAL; V2.0: (not available) |
CVE-2023-6268 | The JSON Content Importer WordPress plugin before 1.5.4 does not sanitise and escape the tab parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Published: December 26, 2023; 2:15:08 PM -0500 | V3.1: 6.1 MEDIUM; V2.0: (not available) |
CVE-2023-6250 | The BestWebSoft's Like & Share WordPress plugin before 2.74 discloses the content of password protected posts to unauthenticated users via a meta tag. Published: December 26, 2023; 2:15:08 PM -0500 | V3.1: 7.5 HIGH; V2.0: (not available) |
CVE-2023-6166 | The Quiz Maker WordPress plugin before 6.4.9.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting. Published: December 26, 2023; 2:15:08 PM -0500 | V3.1: 6.1 MEDIUM; V2.0: (not available) |
CVE-2023-6155 | The Quiz Maker WordPress plugin before 6.4.9.5 does not adequately authorize the `ays_quiz_author_user_search` AJAX action, allowing an unauthenticated attacker to perform a search for users of the system, ultimately leaking user email addresses. Published: December 26, 2023; 2:15:08 PM -0500 | V3.1: 5.3 MEDIUM; V2.0: (not available) |
CVE-2023-6114 | The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the `backups-dup-lite/tmp` directory (or the `backups-dup-pro/tmp` directory in the Pro version), which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to discover and access these sensitive files, which include a full database dump and a zip archive of the site. Published: December 26, 2023; 2:15:08 PM -0500 | V3.1: 7.5 HIGH; V2.0: (not available) |