Tag

#wordpress

CVE-2023-23685: WordPress Portfolio – WordPress Portfolio Plugin plugin <= 2.8.10 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in RadiusTheme Portfolio – WordPress Portfolio plugin <= 2.8.10 versions.

CVE-2023-23686: WordPress Simple Staff List plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Brett Shumaker Simple Staff List plugin <= 2.2.2 versions.

CVE-2022-41633: WordPress Community by PeepSo plugin <= 6.0.2.0 - Cross-Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin <= 6.0.2.0 versions.

CVE-2023-23878: WordPress WordPress Plugin for Google Maps – WP MAPS plugin <= 4.3.9 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS plugin <= 4.3.9 versions.

CVE-2023-23821: WordPress Interactive Polish Map plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcin Pietrzak Interactive Polish Map plugin <= 1.2 versions.

WordPress Accessibility Help Button 1.1 Cross Site Scripting

WordPress Accessibility Help Button plugin version 1.1 suffers from a cross site scripting vulnerability.

WordPress Paid Memberships Pro 2.9.8 SQL Injection

WordPress Paid Memberships Pro plugin version 2.9.8 suffers from a remote SQL injection vulnerability.

WordPress File Manager 6.9 Shell Upload

WordPress File Manager plugin versions 6.0 through 6.9 suffer from a remote shell upload vulnerability.

CVE-2023-0399

The Image Over Image For WPBakery Page Builder WordPress plugin before 3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

CVE-2023-0820

The User Role by BestWebSoft WordPress plugin before 1.6.7 does not protect against CSRF in requests to update role capabilities, leading to arbitrary privilege escalation of any role.