Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

CVE-2023-47177: WordPress Linker plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yakir Sitbon, Ariel Klikstein Linker plugin <= 1.2.1 versions.

CVE
Open in Source
#xss#vulnerability#web#wordpress#auth
CVE-2023-46824: WordPress Slick Popup plugin <= 1.7.14 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Om Ak Solutions Slick Popup: Contact Form 7 Popup Plugin plugin <= 1.7.14 versions.

CVE-2023-46821: WordPress GD Security Headers plugin <= 1.7 - Auth. SQL Injection (SQLi) vulnerability - Patchstack

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Milan Petrovic GD Security Headers allows auth. (admin+) SQL Injection.This issue affects GD Security Headers: from n/a through 1.7.

CVE-2023-46783: WordPress Pre-Orders for WooCommerce plugin <= 1.2.13 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Bright Plugins Pre-Orders for WooCommerce plugin <= 1.2.13 versions.

CVE-2023-23702: WordPress Comments Ratings plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pixelgrade Comments Ratings plugin <= 1.1.7 versions.

CVE-2023-46822: WordPress Store Exporter for WooCommerce plugin <= 2.7.2 - Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting') vulnerability in Visser Labs Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More plugin <= 2.7.2 versions.

CVE-2023-46782: WordPress MomentoPress for Momento360 plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Chris Yee MomentoPress for Momento360 plugin <= 1.0.1 versions.

CVE-2023-27605: WordPress WP Reroute Email plugin <= 1.4.6 - Auth. SQL Injection (SQLi) vulnerability - Patchstack

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sajjad Hossain WP Reroute Email allows SQL Injection.This issue affects WP Reroute Email: from n/a through 1.4.6.

CVE-2023-40609: WordPress Contact form 7 Custom validation plugin <= 1.1.3 - Unauth. SQL Injection (SQLi) vulnerability - Patchstack

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aiyaz, maheshpatel Contact form 7 Custom validation allows SQL Injection.This issue affects Contact form 7 Custom validation: from n/a through 1.1.3.

A week in security (October 30 &#8211; November 5)

A list of topics we covered in the week of October 30 to November 5 of 2023