Security
Headlines
HeadlinesLatestCVEs

Source

CVE

CVE-2023-47517: WordPress SendPress Newsletters plugin <= 1.23.11.6 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in SendPress Newsletters plugin <= 1.23.11.6 versions.

CVE
Open in Source
#xss#vulnerability#web#wordpress#auth
CVE-2023-45627

An authenticated Denial-of-Service (DoS) vulnerability exists in the CLI service. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point.

CVE-2023-47520: WordPress Responsive Column Widgets plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Michael Uno (miunosoft) Responsive Column Widgets plugin <= 1.2.7 versions.

CVE-2023-46582: Code-Projects-Inventory-Management-1.0/CVE-2023-46582-Code-Projects-Inventory-Management-1.0-SQL-Injection-Vulnerability.md at main · ersinerenler/Code-Projects-Inventory-Management-1.0

SQL injection vulnerability in Inventory Management v.1.0 allows a local attacker to execute arbitrary SQL commands via the id paramter in the deleteProduct.php component.

CVE-2023-47528: WordPress WP Edit Username plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sajjad Hossain Sagor WP Edit Username plugin <= 1.0.5 versions.

CVE-2023-47524: WordPress CodeBard's Patron Button and Widgets for Patreon plugin <= 2.1.9 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability (requires PHP 8.x) in CodeBard CodeBard's Patron Button and Widgets for Patreon plugin <= 2.1.9 versions.

CVE-2023-47532: WordPress WP Crowdfunding plugin <= 2.1.6 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Themeum WP Crowdfunding plugin <= 2.1.6 versions.

CVE-2023-46026: phpgurukul-Teacher-Subject-Allocation-Management-System-1.0/CVE-2023-46026-PHPGurukul-Teacher-Subject-Allocation-Management-System-1.0-Stored-Cross-Site-Scripting-Vulnerability.md at main · ersinerenl

Cross Site Scripting (XSS) vulnerability in profile.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary code via the 'adminname' and 'email' parameters.

CVE-2023-46581: Code-Projects-Inventory-Management-1.0/CVE-2023-46581-Code-Projects-Inventory-Management-1.0-SQL-Injection-Vulnerability.md at main · ersinerenler/Code-Projects-Inventory-Management-1.0

SQL injection vulnerability in Inventory Management v.1.0 allows a local attacker to execute arbitrary code via the name, uname and email parameters in the registration.php component.

CVE-2023-46580: Code-Projects-Inventory-Management-1.0/CVE-2023-46580-Code-Projects-Inventory-Management-1.0-Stored-Cross-Site-Scripting-Vulnerability.md at main · ersinerenler/Code-Projects-Inventory-Management-1.0

Cross-Site Scripting (XSS) vulnerability in Inventory Management V1.0 allows attackers to execute arbitrary code via the pname parameter of the editProduct.php component.