Filtered by vendor Wordpress
Subscriptions
Total
5039 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-0847 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 4.3 Medium |
| The 5280 Bootstrap Modal Contact Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation in class-sbmm-list-table.php. This makes it possible for unauthenticated attackers to bulk delete messages via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-0710 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 5.3 Medium |
| The GP Unique ID plugin for WordPress is vulnerable to Unique ID Modification in all versions up to, and including, 1.5.5. This is due to insufficient input validation. This makes it possible for unauthenticated attackers to tamper with the generation of a unique ID on a form submission and replace the generated unique ID with a user-controlled one, leading to a loss of integrity in cases where the ID's uniqueness is relied upon in a security-specific context. | ||||
| CVE-2024-0615 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 5.3 Medium |
| The Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.0 via the API. This makes it possible for unauthenticated attackers to extract post titles, IDs, slugs, statuses and other information including post content. This includes published content only. | ||||
| CVE-2024-0613 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 6.1 Medium |
| The Delete Custom Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3.1. This is due to missing or incorrect nonce validation on the ajax_delete_field() function. This makes it possible for unauthenticated attackers to delete arbitrary post meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-0590 | 2 Microsoft, Wordpress | 2 Clarity, Wordpress | 2024-11-21 | 6.1 Medium |
| The Microsoft Clarity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.3. This is due to missing nonce validation on the edit_clarity_project_id() function. This makes it possible for unauthenticated attackers to change the project id and add malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-7046 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 7.5 High |
| The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.0 via exposed Private key files. This makes it possible for unauthenticated attackers to extract sensitive data including TLS Certificate Private Keys | ||||
| CVE-2023-7030 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 6.4 Medium |
| The Collapse-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'expand' shortcode in all versions up to, and including, 1.8.5.5 due to insufficient input sanitization and output escaping on the 'tag' user supplied attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2023-6813 | 2 Auth0, Wordpress | 2 Login By Auth0, Wordpress | 2024-11-21 | 6.1 Medium |
| The Login by Auth0 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wle’ parameter in all versions up to, and including, 4.6.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2023-6806 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 6.4 Medium |
| The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Job Settings user profile fields in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2023-6708 | 2 Benbodhi, Wordpress | 2 Svg Support, Wordpress | 2024-11-21 | 5.4 Medium |
| The SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG upload feature in all versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping, even when the 'Sanitize SVG while uploading' feature is enabled. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note that successful exploitation of this vulnerability requires the administrator to allow author-level users to upload SVG files. | ||||
| CVE-2023-52224 | 2 Revolut, Wordpress | 2 Revolut Gateway For Woocommerce, Wordpress | 2024-11-21 | 4.3 Medium |
| Missing Authorization vulnerability in Revolut Revolut Gateway for WooCommerce.This issue affects Revolut Gateway for WooCommerce: from n/a through 4.9.7. | ||||
| CVE-2023-52179 | 2 Webcodingplace, Wordpress | 2 Product Expiry For Woocommerce, Wordpress | 2024-11-21 | 5.4 Medium |
| Missing Authorization vulnerability in WebCodingPlace Product Expiry for WooCommerce.This issue affects Product Expiry for WooCommerce: from n/a through 2.5. | ||||
| CVE-2023-52176 | 2 Miniorange, Wordpress | 2 Malware Scanner, Wordpress | 2024-11-21 | 5.3 Medium |
| Authentication Bypass by Spoofing vulnerability in miniorange Malware Scanner allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Malware Scanner: from n/a through 4.7.1. | ||||
| CVE-2023-52144 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 5.5 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RexTheme Product Feed Manager.This issue affects Product Feed Manager: from n/a through 7.3.15. | ||||
| CVE-2023-51531 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Thrive Themes Thrive Automator.This issue affects Thrive Automator: from n/a through 1.17. | ||||
| CVE-2023-51528 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Senol Sahin AI Power: Complete AI Pack – Powered by GPT-4.This issue affects AI Power: Complete AI Pack – Powered by GPT-4: from n/a through 1.8.12. | ||||
| CVE-2023-51526 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 4.3 Medium |
| Missing Authorization vulnerability in Brett Shumaker Simple Staff List.This issue affects Simple Staff List: from n/a through 2.2.4. | ||||
| CVE-2023-51521 | 2 Expresstech, Wordpress | 2 Quiz And Survey Master, Wordpress | 2024-11-21 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through 8.1.18. | ||||
| CVE-2023-51471 | 1 Wordpress | 1 Checkout Mestres | 2024-11-21 | 8.2 High |
| Improper Authentication vulnerability in Mestres do WP Checkout Mestres WP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Checkout Mestres WP: from n/a through 7.1.9.7. | ||||
| CVE-2023-51425 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 9.8 Critical |
| Improper Privilege Management vulnerability in Jacques Malgrange Rencontre – Dating Site allows Privilege Escalation.This issue affects Rencontre – Dating Site: from n/a through 3.10.1. | ||||