Security
Headlines
HeadlinesLatestCVEs

Tag

#wordpress

CVE-2023-37890: WordPress KB Support – WordPress Help Desk plugin <= 1.5.88 - Missing Authorization vulnerability - Patchstack

Missing Authorization vulnerability in WPOmnia KB Support – WordPress Help Desk and Knowledge Base allows Accessing Functionality Not Properly Constrained by ACLs. Users with a role as low as a subscriber can view other customers.This issue affects KB Support – WordPress Help Desk and Knowledge Base: from n/a through 1.5.88.

CVE
Open in Source
#vulnerability#wordpress#perl#auth
CVE-2023-39921: WordPress Author Box for Authors, Co-Authors, Multiple Authors and Guest Authors – Molongui plugin <= 4.6.19 - Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Molongui Author Box, Guest Author and Co-Authors for Your Posts – Molongui allows Stored XSS.This issue affects Author Box, Guest Author and Co-Authors for Your Posts – Molongui: from n/a through 4.6.19.

CVE-2023-45609: WordPress Powr Pack plugin <= 2.1.0 - Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POWR.Io Contact Form – Custom Builder, Payment Form, and More allows Stored XSS.This issue affects Contact Form – Custom Builder, Payment Form, and More: from n/a through 2.1.0.

CVE-2023-46086: WordPress affiliate-toolkit plugin <= 3.4.3 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SERVIT Software Solutions affiliate-toolkit – WordPress Affiliate Plugin allows Reflected XSS.This issue affects affiliate-toolkit – WordPress Affiliate Plugin: from n/a through 3.4.3.

CVE-2023-6360: SQL Injection in My Calendar WordPress Plugin

The 'My Calendar' WordPress Plugin, version < 3.4.22 is affected by an unauthenticated SQL injection vulnerability in the 'from' and 'to' parameters in the '/my-calendar/v1/events' rest route.

CVE-2023-5803: WordPress Business Directory plugin <= 6.3.10 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Business Directory Team Business Directory Plugin – Easy Listing Directories for WordPress allows Cross-Site Request Forgery.This issue affects Business Directory Plugin – Easy Listing Directories for WordPress: from n/a through 6.3.10.

CVE-2023-40662: WordPress Cookies and Content Security Policy plugin <= 2.15 - Sensitive Data Exposure vulnerability - Patchstack

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jonk @ Follow me Darling Cookies and Content Security Policy.This issue affects Cookies and Content Security Policy: from n/a through 2.15.

CVE-2023-41735: WordPress Email posts to subscribers plugin <= 6.2 - Sensitive Data Exposure - Patchstack

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gopi Ramasamy Email posts to subscribers.This issue affects Email posts to subscribers: from n/a through 6.2.

CVE-2023-44150: WordPress ProfilePress plugin <= 4.13.2 - Sensitive Data Exposure via Debug Log vulnerability - Patchstack

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress.This issue affects Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress: from n/a through 4.13.2.

CVE-2023-45066: WordPress Export All Posts, Products, Orders, Refunds & Users plugin <= 2.4.1 - Sensitive Data Exposure vulnerability - Patchstack

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Smackcoders Export All Posts, Products, Orders, Refunds & Users.This issue affects Export All Posts, Products, Orders, Refunds & Users: from n/a through 2.4.1.