Archives: Reports

CVE ID:

CVE-2023-0082

WordPress Plugin

google-analytics-dashboard-for-wp

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-01-01

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0380

WordPress Plugin

easy-digital-downloads

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-01-01

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0230

WordPress Plugin

vk-all-in-one-expansion-unit

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-01-01

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0231

WordPress Plugin

woolentor-addons

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-01-01

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0252

WordPress Plugin

contextual-related-posts

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-01-01

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0379

WordPress Plugin

spotlight-social-photo-feeds

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-01-01

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0059

WordPress Plugin

youzify

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-01-01

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0233

WordPress Plugin

activecampaign-subscription-forms

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-01-01

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0078

WordPress Plugin

resume-builder

Vulnerability Type:

Cross-Site Scripting (XSS),
Missing Authorization

Date:

2022-12-31

The plugin contains a Missing Authorization vulnerability due to a missing capability check in the rb_save_resume AJAX action, which makes it possible for authenticated attackers with a role as low as subscriber to access functionality. The plugin also contains a Cross-Site Scripting (XSS) vulnerability, due to the plugin does not sanitize and escape some parameters, which makes it possible to inject arbitrary web scripts.

Read More

CVE ID:

CVE-2023-0065

WordPress Plugin

i2-pro-cons

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-28

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0064

WordPress Plugin

wens-responsive-column-layout-shortcodes

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-28

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0063

WordPress Plugin

synved-shortcodes

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-28

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0062

WordPress Plugin

ean-for-woocommerce

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-28

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0061

WordPress Plugin

judgeme-product-reviews-woocommerce

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-28

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0060

WordPress Plugin

responsive-gallery-grid

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-28

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0069

WordPress Plugin

wpaudio-mp3-player

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-27

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0144

WordPress Plugin

mage-eventpress

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-27

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0068

WordPress Plugin

product-gtin-ean-upc-isbn-for-woocommerce

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-27

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0094

WordPress Plugin

upqode-google-maps

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-27

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0067

WordPress Plugin

timed-content

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-27

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0066

WordPress Plugin

companion-sitemap-generator

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-27

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0070

WordPress Plugin

responsivevoice-text-to-speech

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-27

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0274

WordPress Plugin

url-params

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-26

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0276

WordPress Plugin

weaverx-theme-support

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-26

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

WordPress Plugin

google-map-shortcode

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-26

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More