CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in WHA Word Search Puzzles game plugin <= 2.0.1 at WordPress.

 Verified

 Not fixed

**5.4**

CVSS 3.1 score Medium severity

Monitoring Coming soon

Software

Word Search Puzzles game

Vulnerable versions

<= 2.0.1

PSID 

b189ec77df94

Classification 

Cross Site Scripting (XSS)

OWASP Top 10 

A7: Cross-Site Scripting (XSS)

Required privilege 

Requires contributor or higher role user authentication.

Publicly disclosed

2022-09-01

**Details**

Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities were discovered by Vlad Vector (Patchstack) in the WordPress Word Search Puzzles game plugin (versions <= 2.0.1).

**Solution**

Deactivate and delete. No reply from the vendor.

**References**

CVE-2022-36383: WordPress Word Search Puzzles game plugin <= 2.0.1 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities - Patchstack

Headline

CVE-2022-36383: WordPress Word Search Puzzles game plugin <= 2.0.1 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities - Patchstack

CVE: Latest News