#wordpress

The WordPrezi WordPress plugin before 0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

The Cloak Front End Email WordPress plugin before 1.9.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

The 0mk Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the zeromk_options_page function. This makes it possible for unauthenticated attackers to inject malicious web scripts via the 'zeromk_user' and 'zeromk_apikluc' parameters through a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Cross-Site Request Forgery (CSRF) vulnerability in AA-Team WZone – Lite Version plugin 3.1 Lite versions.

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Afterpay Gateway for WooCommerce <= 3.5.0 versions.

The January attack was in retaliation for the satirical French magazine's decision to launch a cartoon contest to lampoon Iran's Supreme Leader.

Oracle Database version 12.1.0.2 suffers from a privilege escalation vulnerability that achieves DBA access via the Spatial component.

Cross-Site Request Forgery (CSRF) vulnerability in TeraWallet – For WooCommerce plugin <= 1.3.24 versions.

Cross-Site Request Forgery (CSRF) vulnerability in WP Sunshine Sunshine Photo Cart plugin <= 2.9.13 versions.

Cross-Site Request Forgery (CSRF) vulnerability in Magneticlab Sàrl Homepage Pop-up plugin <= 1.2.5 versions.