Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2023-3992

The PostX WordPress plugin before 3.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

CVE
Open in Source
#xss#wordpress
CVE-2023-3501

The FormCraft WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVE-2023-3356

The Subscribers Text Counter WordPress plugin before 1.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, which also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping

CVE-2023-41537: CVE-nu11secur1ty/vendors/phpjabbers/2023/Business-Directory-Script-Version:3.2 at main · nu11secur1ty/CVE-nu11secur1ty

phpjabbers Business Directory Script 3.2 is vulnerable to Cross Site Scripting (XSS) via the keyword parameter.

CVE-2023-41538: CVE-nu11secur1ty/vendors/phpjabbers/2023/PHP-Forum-Script-3.0 at main · nu11secur1ty/CVE-nu11secur1ty

phpjabbers PHP Forum Script 3.0 is vulnerable to Cross Site Scripting (XSS) via the keyword parameter.

CVE-2023-34187: WordPress Call Now Icon Animate plugin <= 0.1.0 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alan Tien Call Now Icon Animate plugin <= 0.1.0 versions.

CVE-2023-34184: WordPress Woocommerce Order address Print plugin <= 3.2 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Bhavik Patel Woocommerce Order address Print plugin <= 3.2 versions.

CVE-2023-34175: WordPress Login Configurator plugin <= 2.1 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GrandSlambert Login Configurator plugin <= 2.1 versions.

CVE-2023-34174: WordPress BBS e-Popup plugin <= 2.4.5 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in BBS e-Theme BBS e-Popup plugin <= 2.4.5 versions.

CVE-2023-34183: WordPress Unite Gallery Lite plugin <= 1.7.61 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Valiano Unite Gallery Lite plugin <= 1.7.61 versions.