Security
Headlines
HeadlinesLatestCVEs

Tag

#wordpress

CVE-2023-49834: WordPress FOX Currency Switcher Professional for WooCommerce plugin <= 1.4.1.4 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in realmag777 FOX – Currency Switcher Professional for WooCommerce.This issue affects FOX – Currency Switcher Professional for WooCommerce: from n/a through 1.4.1.4.

CVE
Open in Source
#csrf#vulnerability#wordpress#auth
CVE-2023-49816: WordPress Fix My Feed RSS Repair plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Innovative Solutions Fix My Feed RSS Repair.This issue affects Fix My Feed RSS Repair: from n/a through 1.4.

CVE-2023-49769: WordPress Integrate Google Drive plugin <= 1.3.4 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in SoftLab Integrate Google Drive.This issue affects Integrate Google Drive: from n/a through 1.3.4.

CVE-2023-49775: WordPress CSV Importer plugin <= 0.3.8 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Denis Kobozev CSV Importer.This issue affects CSV Importer: from n/a through 0.3.8.

CVE-2023-49751: WordPress Block for Font Awesome plugin <= 1.4.0 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu Block for Font Awesome.This issue affects Block for Font Awesome: from n/a through 1.4.0.

CVE-2023-24380: WordPress Simple Wp Sitemap plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Webbjocke Simple Wp Sitemap.This issue affects Simple Wp Sitemap: from n/a through 1.2.1.

CVE-2023-6559: MW WP Form <= 5.0.3 - Improper Limitation of File Name to Unauthenticated Arbitrary File Deletion — Wordfence Intelligence

The MW WP Form plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 5.0.3. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible.

CVE-2023-49829: WordPress Tutor LMS plugin <= 2.2.4 - Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Tutor LMS – eLearning and online course solution allows Stored XSS.This issue affects Tutor LMS – eLearning and online course solution: from n/a through 2.2.4.

CVE-2023-49823: WordPress Bold Page Builder plugin <= 4.6.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldThemes Bold Page Builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through 4.6.1.

CVE-2023-49767: WordPress Biteship plugin <= 2.2.24 - Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Biteship Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo allows Stored XSS.This issue affects Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo: from n/a through 2.2.24.