Security
Headlines
HeadlinesLatestCVEs

Tag

#wordpress

CVE-2023-49197: WordPress DoFollow Case by Case plugin <= 3.4.2 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Apasionados, Apasionados del Marketing, NetConsulting DoFollow Case by Case.This issue affects DoFollow Case by Case: from n/a through 3.4.2.

CVE
Open in Source
#csrf#vulnerability#wordpress#auth
CVE-2023-49189: WordPress Social Share Buttons & Analytics Plugin – GetSocial.io plugin <= 4.3.12 - Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Getsocial, S.A. Social Share Buttons & Analytics Plugin – GetSocial.Io allows Stored XSS.This issue affects Social Share Buttons & Analytics Plugin – GetSocial.Io: from n/a through 4.3.12.

CVE-2023-49767: WordPress Biteship plugin <= 2.2.24 - Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Biteship Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo allows Stored XSS.This issue affects Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo: from n/a through 2.2.24.

CVE-2023-49159: WordPress CommentLuv plugin <= 3.0.4 - Server Side Request Forgery (SSRF) vulnerability - Patchstack

Server-Side Request Forgery (SSRF) vulnerability in Elegant Digital Solutions CommentLuv.This issue affects CommentLuv: from n/a through 3.0.4.

CVE-2023-49174: WordPress Responsive Lightbox plugin <= 2.4.5 - Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dFactory Responsive Lightbox & Gallery allows Stored XSS.This issue affects Responsive Lightbox & Gallery: from n/a through 2.4.5.

CVE-2023-49175: WordPress KP Fastest Tawk.to Chat plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kreativo Pro KP Fastest Tawk.To Chat allows Stored XSS.This issue affects KP Fastest Tawk.To Chat: from n/a through 1.1.1.

CVE-2023-49170: WordPress Forms by CaptainForm plugin <= 2.5.3 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in captainform Forms by CaptainForm – Form Builder for WordPress allows Reflected XSS.This issue affects Forms by CaptainForm – Form Builder for WordPress: from n/a through 2.5.3.

CVE-2023-49169: WordPress Ads by datafeedr.com plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in datafeedr.Com Ads by datafeedr.Com allows Stored XSS.This issue affects Ads by datafeedr.Com: from n/a through 1.2.0.

CVE-2023-49182: WordPress List all posts by Authors, nested Categories and Title plugin <= 2.7.10 - Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fabio Marzocca List all posts by Authors, nested Categories and Titles allows Reflected XSS.This issue affects List all posts by Authors, nested Categories and Titles: from n/a through 2.7.10.

CVE-2023-49183: WordPress NextScripts: Social Networks Auto-Poster plugin <= 4.4.2 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NextScripts NextScripts: Social Networks Auto-Poster allows Reflected XSS.This issue affects NextScripts: Social Networks Auto-Poster: from n/a through 4.4.2.