Security
Headlines
HeadlinesLatestCVEs

Tag

#wordpress

CVE-2023-37867: WordPress Yasr – Yet Another Stars Rating plugin <= 3.3.8 - Race Condition vulnerability - Patchstack

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in YetAnotherStarsRating.Com YASR – Yet Another Star Rating Plugin for WordPress.This issue affects YASR – Yet Another Star Rating Plugin for WordPress: from n/a through 3.3.8.

CVE
Open in Source
#vulnerability#wordpress
CVE-2023-36685: WordPress CartFlows Pro plugin <= 1.11.12 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force US LLC CartFlows Pro allows Cross Site Request Forgery.This issue affects CartFlows Pro: from n/a through 1.11.12.

CVE-2023-6136: WordPress Debug Log Manager plugin <= 2.3.0 - Sensitive Data Exposure via Log File vulnerability - Patchstack

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.0.

CVE-2023-40680: WordPress Yoast SEO plugin <= 21.0 - Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Yoast Yoast SEO allows Stored XSS.This issue affects Yoast SEO: from n/a through 21.0.

CVE-2023-41128: WordPress WP Roadmap plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Iqonic Design WP Roadmap – Product Feedback Board allows Stored XSS.This issue affects WP Roadmap – Product Feedback Board: from n/a through 1.0.8.

CVE-2023-41127: WordPress Evergreen Content Poster plugin <= 1.3.6.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Evergreen Content Poster Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media allows Stored XSS.This issue affects Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media: from n/a through 1.3.6.1.

CVE-2023-48744: WordPress Availability Calendar plugin <= 1.2.6 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Offshore Web Master Availability Calendar allows Cross Site Request Forgery.This issue affects Availability Calendar: from n/a through 1.2.6.

CVE-2023-48334: WordPress League Table plugin <= 1.13 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in DAEXT League Table allows Cross Site Request Forgery.This issue affects League Table: from n/a through 1.13.

CVE-2023-48284: WordPress Decorator – WooCommerce Email Customizer plugin <= 1.2.7 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in WebToffee Decorator – WooCommerce Email Customizer allows Cross Site Request Forgery.This issue affects Decorator – WooCommerce Email Customizer: from n/a through 1.2.7.

CVE-2023-48323: WordPress Awesome Support – WordPress HelpDesk & Support Plugin plugin <= 6.1.4 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Awesome Support Team Awesome Support – WordPress HelpDesk & Support Plugin allows Cross Site Request Forgery.This issue affects Awesome Support – WordPress HelpDesk & Support Plugin: from n/a through 6.1.4.