Security
Headlines
HeadlinesLatestCVEs

Tag

#wordpress

CVE-2023-26541: WordPress asMember plugin <= 1.5.4 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alexander Suess asMember plugin <= 1.5.4 versions.

CVE
Open in Source
#xss#vulnerability#web#wordpress#auth
CVE-2023-27634: WordPress intrepidity theme <= 1.5.1 - Cross Site Request Forgery (CSRF) - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability allows arbitrary file upload in Shingo Intrepidity plugin <= 1.5.1 versions.

CVE-2023-25055: WordPress Google XML Sitemap for Videos plugin <= 2.6.1 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google XML Sitemap for Videos plugin <= 2.6.1 versions.

CVE-2023-24420: WordPress Admin side data storage for Contact Form 7 plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Zestard Technologies Admin side data storage for Contact Form 7 plugin <= 1.1.1 versions.

CVE-2023-25972: WordPress Старт plugin <= 3.7 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in IKSWEB WordPress ????? plugin <= 3.7 versions.

CVE-2023-25450: WordPress GiveWP plugin <= 2.25.1 - Cross Site Request Forgery (CSRF) via give_cache_flush vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform plugin <= 2.25.1 versions.

CVE-2023-23802: WordPress HT Easy GA4 ( Google Analytics 4 ) plugin <= 1.0.6 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Easy GA4 ( Google Analytics 4 ) plugin <= 1.0.6 versions.

CVE-2023-25449: WordPress cformsII plugin <= 15.0.4 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Oliver Seidel, Bastian Germann cformsII plugin <= 15.0.4 versions.

Critical Security Vulnerability Discovered in WooCommerce Stripe Gateway Plugin

A security flaw has been uncovered in the WooCommerce Stripe Gateway WordPress plugin that could lead to the unauthorized disclosure of sensitive information. The flaw, tracked as CVE-2023-34000, impacts versions 7.4.0 and below. It was addressed by the plugin maintainers in version 7.4.1, which shipped on May 30, 2023. WooCommerce Stripe Gateway allows e-commerce websites to directly accept

CVE-2023-34000: Vulnerability in WooCommerce Stripe Gateway Plugin - Patchstack

Unauth. IDOR vulnerability leading to PII Disclosure in WooCommerce Stripe Payment Gateway plugin <= 7.4.0 versions.