Security
Headlines
HeadlinesLatestCVEs

Tag

#wordpress

CVE-2022-44743: WordPress Jobs for WordPress plugin <= 2.5.11.2 - Auth. Stored Cross-Site Scripting (XSS) vulnerability - Patchstack

Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in BlueGlass Jobs for WordPress plugin <= 2.5.11.2 versions.

CVE
Open in Source
#xss#vulnerability#web#wordpress#auth
CVE-2022-44594: WordPress All in One Time Clock Lite plugin <= 1.3.320 - Auth. Stored Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Codebangers All in One Time Clock Lite plugin <= 1.3.320 versions.

CVE-2023-24386: WordPress AI Contact Us Form plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Karishma Arora AI Contact Us Form plugin <= 1.0 versions.

CVE-2023-24404: WordPress Marketing Performance plugin <= 2.0.0 - Cross Site Scripting (XSS) vulnerability - Patchstack

Reflected Cross-Site Scripting (XSS) vulnerability in VryaSage Marketing Performance plugin <= 2.0.0 versions.

CVE-2022-44631: WordPress 1app Business Forms plugin <= 1.0.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability - Patchstack

Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in 1app Technologies, Inc 1app Business Forms plugin <= 1.0.0 versions.

CVE-2022-44582: WordPress Apptivo Business Site CRM plugin <= 3.0.12 - Auth. Stored Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Apptivo Apptivo Business Site CRM plugin <= 3.0.12 versions.

CVE-2023-30616: CSRF due to missing nonce verification

Form block is a wordpress plugin designed to make form creation easier. Versions prior to 1.0.2 are subject to a Cross-Site Request Forgery due to a missing nonce check. There is potential for a Cross Site Request Forgery for all form blocks, since it allows to send requests to the forms from any website without a user noticing. Users are advised to upgrade to version 1.0.2. There are no known workarounds for this vulnerability.

WordPress PowerPress 10.0 Cross Site Scripting

WordPress PowerPress plugin versions 10.0 and below suffer from a persistent cross site scripting vulnerability.

CVE-2014-125099: Release 3.7.3: Fixed a Possible SQL injection vulnerability reported by [Oskar Adin]… · wp-plugins/i-recommend-this

A vulnerability has been found in I Recommend This Plugin up to 3.7.2 on WordPress and classified as critical. Affected by this vulnerability is an unknown functionality of the file dot-irecommendthis.php. The manipulation leads to sql injection. The attack can be launched remotely. Upgrading to version 3.7.3 is able to address this issue. The name of the patch is 058b3ef5c7577bf557557904a53ecc8599b13649. It is recommended to upgrade the affected component. The identifier VDB-226309 was assigned to this vulnerability.

CVE-2023-2170: Diff [2774153:2868795] for simple-tags/trunk – WordPress Plugin Repository

The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Related Posts functionality in versions up to, and including, 3.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Editor+ permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.