Security
Headlines
HeadlinesLatestCVEs

Tag

#wordpress

CVE-2023-48333: WordPress Booster for WooCommerce plugin <= 7.1.1 - Auth. Arbitrary Order Information Disclosure Vulnerability - Patchstack

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pluggabl LLC Booster for WooCommerce.This issue affects Booster for WooCommerce: from n/a through 7.1.1.

CVE
Open in Source
#vulnerability#wordpress#auth
CVE-2023-45834: WordPress Libsyn Publisher Hub plugin <= 1.4.4 - Sensitive Data Exposure vulnerability - Patchstack

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Libsyn Libsyn Publisher Hub.This issue affects Libsyn Publisher Hub: from n/a through 1.4.4.

CVE-2023-33333: WordPress Complianz plugin <= 6.4.4 - CSRF lead to Site Wide Cross Site Scripting (XSS) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Complianz, Really Simple Plugins Complianz Premium allows Cross-Site Scripting (XSS).This issue affects Complianz: from n/a through 6.4.4; Complianz Premium: from n/a through 6.4.6.1.

CVE-2023-48279: WordPress Seraphinite Post .DOCX Source plugin <= 2.16.6 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Seraphinite Solutions Seraphinite Post .DOCX Source allows Cross Site Request Forgery.This issue affects Seraphinite Post .DOCX Source: from n/a through 2.16.6.

CVE-2023-34030: WordPress Complianz plugin <= 6.4.5 - Multiple Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Complianz, Really Simple Plugins Complianz Premium allows Cross-Site Request Forgery.This issue affects Complianz: from n/a through 6.4.5; Complianz Premium: from n/a through 6.4.7.

CVE-2023-47645: WordPress RegistrationMagic plugin <= 5.2.2.6 - Delete Form Submission Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Cross Site Request Forgery.This issue affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login: from n/a through 5.2.2.6.

CVE-2023-48742: WordPress License Manager for WooCommerce plugin <= 2.2.10 - SQL Injection vulnerability - Patchstack

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LicenseManager License Manager for WooCommerce license-manager-for-woocommerce allows SQL Injection.This issue affects License Manager for WooCommerce: from n/a through 2.2.10.

CVE-2023-47827: WordPress Events Addon for Elementor plugin <= 2.1.3 - Broken Access Control vulnerability - Patchstack

Incorrect Authorization vulnerability in NicheAddons Events Addon for Elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Events Addon for Elementor: from n/a through 2.1.3.

CVE-2023-36682: WordPress Schema Pro plugin <= 2.7.7 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force US LLC Schema Pro allows Cross Site Request Forgery.This issue affects Schema Pro: from n/a through 2.7.7.

CVE-2023-48281: WordPress Broken Link Checker for YouTube plugin <= 1.3 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Super Blog Me Broken Link Checker for YouTube allows Cross Site Request Forgery.This issue affects Broken Link Checker for YouTube: from n/a through 1.3.