Tag

#wordpress

CVE-2023-46781: WordPress Current Menu Item for Custom Post Types plugin <= 1.5 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Roland Murg Current Menu Item for Custom Post Types plugin <= 1.5 versions.

CVE-2023-47186: WordPress Kadence WooCommerce Email Designer plugin <= 1.5.11 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Kadence WP Kadence WooCommerce Email Designer plugin <= 1.5.11 versions.

CVE-2023-47185: WordPress wpDiscuz plugin <= 7.6.11 - Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in gVectors Team Comments — wpDiscuz plugin <= 7.6.11 versions.

CVE-2023-47182: WordPress Login Screen Manager plugin <= 3.5.2 - Unauth Stored Cross Site Scripting (XSS) via CSRF vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) leading to a Stored Cross-Site Scripting (XSS) vulnerability in Nazmul Hossain Nihal Login Screen Manager plugin <= 3.5.2 versions.

CVE-2023-47184: WordPress Admin Bar & Dashboard Access Control plugin <= 1.2.8 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Proper Fraction LLC. Admin Bar & Dashboard Access Control plugin <= 1.2.8 versions.

CVE-2023-47177: WordPress Linker plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yakir Sitbon, Ariel Klikstein Linker plugin <= 1.2.1 versions.

CVE-2023-46824: WordPress Slick Popup plugin <= 1.7.14 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Om Ak Solutions Slick Popup: Contact Form 7 Popup Plugin plugin <= 1.7.14 versions.

CVE-2023-46823: WordPress ImageLinks Interactive Image Builder for WordPress plugin <= 1.5.4 - SQL Injection vulnerability - Patchstack

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Avirtum ImageLinks Interactive Image Builder for WordPress allows SQL Injection. This issue affects ImageLinks Interactive Image Builder for WordPress: from n/a through 1.5.4.

CVE-2023-46821: WordPress GD Security Headers plugin <= 1.7 - Auth. SQL Injection (SQLi) vulnerability - Patchstack

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Milan Petrovic GD Security Headers allows auth. (admin+) SQL Injection. This issue affects GD Security Headers: from n/a through 1.7.