# wordpress

WordPress BookIt 2.3.7 Authentication Bypass

#xss #csrf #vulnerability #web #windows #apple #linux #wordpress #php #auth #chrome #webkit

WordPress BookIt plugin versions 2.3.7 and below suffer from an authentication bypass vulnerability.

2 years ago

Packet Storm

#vulnerability #web #wordpress #intel #auth

CVE-2023-27432: WordPress Manage Upload Limit plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WpSimpleTools Manage Upload Limit plugin <= 1.0.4 versions.

2 years ago

CVE-2023-27429: WordPress Jetpack CRM – Clients, Leads, Invoices, Billing, Email Marketing, & Automation plugin <= 5.4.4 - Cross Site Scripting (XSS) - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Automattic - Jetpack CRM team Jetpack CRM plugin <= 5.4.4 versions.

2 years ago

CVE-2023-27414: WordPress Popup box plugin <= 3.4.4 - Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Popup Box Team Popup box plugin <= 3.4.4 versions.

2 years ago

CVE-2023-27450: WordPress Leyka plugin <= 3.29.2 - Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.29.2 versions.

2 years ago

CVE-2023-27443: WordPress Simple Vimeo Shortcode plugin <= 2.9.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Grant Kimball Simple Vimeo Shortcode plugin <= 2.9.1 versions.

2 years ago

CVE-2023-27439: WordPress New Adman plugin <= 1.6.8 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gl_SPICE New Adman plugin <= 1.6.8 versions.

2 years ago

CVE-2023-35885: Changelog | CloudPanel | Documentation

CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.

2 years ago