Archives: Reports

CVE ID:

CVE-2023-0270

WordPress Plugin

yamaps

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-26

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0271

WordPress Plugin

wp-font-awesome

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-26

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0272

WordPress Plugin

nex-forms-express-wp-form-builder

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-26

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0273

WordPress Plugin

custom-content-shortcode

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-26

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0275

WordPress Plugin

wordpress-easy-paypal-payment-or-donation-accept-plugin

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-26

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0076

WordPress Plugin

download-attachments

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-26

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0075

WordPress Plugin

amazonjs

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-26

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0074

WordPress Plugin

wp-social-widget

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-26

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0073

WordPress Plugin

wp-client-logo-carousel

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-26

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0072

WordPress Plugin

wc-vendors

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-26

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0071

WordPress Plugin

wp-expand-tabs-free

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-26

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0080

WordPress Plugin

customer-reviews-woocommerce

Vulnerability Type:

Local File Inclusion (LFI)

Date:

2022-12-25

The plugin contains a Local File Inclusion (LFI) vulnerability due to the plugin does not sanitize comment_file attribute in the cusrev_reviews shortcode, which makes it possible for authenticated attackers with a role as low as contributor to include arbitrary files.

Read More

CVE ID:

CVE-2023-0165

WordPress Plugin

nd-projects

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-25

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0178

WordPress Plugin

anual-archive

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-25

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0176

WordPress Plugin

rafflepress

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-25

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0175

WordPress Plugin

smart-logo-showcase-lite

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-25

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0174

WordPress Plugin

wpvr

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-25

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0173

WordPress Plugin

wpfunnels

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-25

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0172

WordPress Plugin

juicer

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-25

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0079

WordPress Plugin

customer-reviews-woocommerce

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-25

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0171

WordPress Plugin

jquery-t-countdown-widget

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-25

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0170

WordPress Plugin

html5-audio-player

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-25

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0169

WordPress Plugin

zoho-forms

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-25

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0168

WordPress Plugin

olevmedia-shortcodes

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-25

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0167

WordPress Plugin

getresponse-integration

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-25

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More