Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2023-25796: WordPress WP BaiDu Submit plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Include WP BaiDu Submit plugin <= 1.2.1 versions.

CVE
Open in Source
#xss#vulnerability#web#wordpress#auth
CVE-2023-25798: WordPress Olevmedia Shortcodes plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Olevmedia Olevmedia Shortcodes plugin <= 1.1.9 versions.

CVE-2023-25786: WordPress Eyes Only: User Access Shortcode plugin <= 1.8.2 - Cross Site Scripting (XSS) - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Thom Stark Eyes Only: User Access Shortcode plugin <= 1.8.2 versions.

CVE-2023-25787: WordPress WP资源下载管理 plugin <= 1.3.9 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wbolt team WP?????? plugin <= 1.3.9 versions.

CVE-2023-25797: WordPress vSlider Multi Image Slider for WordPress plugin <= 4.1.2 - Cross Site Scripting (XSS) - Patchstack

Auth. Stored Cross-Site Scripting (XSS) vulnerability in Mr.Vibe vSlider Multi Image Slider for WordPress plugin <= 4.1.2 versions.

CVE-2023-25784: WordPress Sticky Ad Bar Plugin plugin <= 1.3.1 - Cross Site Scripting (XSS) - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bon Plan Gratos Sticky Ad Bar plugin <= 1.3.1 versions.

CVE-2023-25792: WordPress WP Open Social plugin <= 5.0 - Cross Site Scripting (XSS) - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in XiaoMac WP Open Social plugin <= 5.0 versions.

CVE-2023-25783: WordPress FireCask Like & Share Button plugin <= 1.1.5 - Cross Site Scripting (XSS) - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex Moss FireCask Like & Share Button plugin <= 1.1.5 versions.

CVE-2023-25789: WordPress Tapfiliate plugin <= 3.0.12 - Cross Site Scripting (XSS) - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tapfiliate plugin <= 3.0.12 versions.

CVE-2023-29839: GitHub - jichngan/CVE-2023-29839: Hotel Druid 3.0.4 Stored Cross Site Scripting Vulnerability

A Stored Cross Site Scripting (XSS) vulnerability exists in multiple pages of Hotel Druid version 3.0.4, which allows arbitrary execution of commands. The vulnerable fields are Surname, Name, and Nickname in the Document function.