Security
Headlines
HeadlinesLatestCVEs

Tag

#wordpress

CVE-2023-47653: WordPress TWB Woocommerce Reviews plugin <= 1.7.5 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Abu Bakar TWB Woocommerce Reviews plugin <= 1.7.5 versions.

CVE
Open in Source
#xss#vulnerability#web#wordpress#auth
CVE-2023-47654: WordPress BZScore – Live Score plugin <= 1.03 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in livescore.Bz BZScore – Live Score plugin <= 1.03 versions.

CVE-2023-47656: WordPress ANAC XML Bandi di Gara plugin <= 7.5 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Milesi ANAC XML Bandi di Gara plugin <= 7.5 versions.

CVE-2023-47660: WordPress Product Visibility by Country for WooCommerce plugin <= 1.4.9 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Wham Product Visibility by Country for WooCommerce plugin <= 1.4.9 versions.

CVE-2023-47659: WordPress Lava Directory Manager plugin <= 1.1.34 - Contributor+ stored Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Lavacode Lava Directory Manager plugin <= 1.1.34 versions.

CVE-2023-6109: YOP Poll <= 6.5.26 - Race Condition to Vote Manipulation — Wordfence Intelligence

The YOP Poll plugin for WordPress is vulnerable to a race condition in all versions up to, and including, 6.5.26. This is due to improper restrictions on the add() function. This makes it possible for unauthenticated attackers to place multiple votes on a single poll even when the poll is set to one vote per person.

CVE-2023-47684: WordPress Essential Grid plugin <= 3.1.0 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ThemePunch OHG Essential Grid plugin <= 3.1.0 versions.

CVE-2023-47680: WordPress Qi Addons For Elementor plugin <= 1.6.3 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Qode Interactive Qi Addons For Elementor plugin <= 1.6.3 versions.

CVE-2023-47665: WordPress Plainview Protect Passwords plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in edward_plainview Plainview Protect Passwords plugin <= 1.4 versions.

CVE-2023-47662: WordPress Live Gold Price & Silver Price Charts Widgets plugin <= 2.4 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GoldBroker.Com Live Gold Price & Silver Price Charts Widgets plugin <= 2.4 versions.