Archives: Reports
CVE ID:
CVE-2023-0490
WordPress Plugin
fx-toc
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-10
The plugin contains a Cross-Site Scripting (XSS) vulnerability because it does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-0489
WordPress Plugin
slideonline
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-10
The plugin contains a Cross-Site Scripting (XSS) vulnerability because it does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-0535
WordPress Plugin
donations-block
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-10
The plugin contains a Cross-Site Scripting (XSS) vulnerability because it does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-0559
WordPress Plugin
gs-envato-portfolio
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-10
The plugin contains a Cross-Site Scripting (XSS) vulnerability because it does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-0541
WordPress Plugin
gs-books-showcase
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-10
The plugin contains a Cross-Site Scripting (XSS) vulnerability because it does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-0540
WordPress Plugin
gs-portfolio
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-10
The plugin contains a Cross-Site Scripting (XSS) vulnerability because it does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-0539
WordPress Plugin
gs-instagram-portfolio
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-10
The plugin contains a Cross-Site Scripting (XSS) vulnerability because it does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-0492
WordPress Plugin
gs-woocommerce-products-slider
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-10
The plugin contains a Cross-Site Scripting (XSS) vulnerability because it does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-0491
WordPress Plugin
schedulicity-online-appointment-booking
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-10
The plugin contains a Cross-Site Scripting (XSS) vulnerability because it does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-0538
WordPress Plugin
campaign-url-builder
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-10
The plugin contains a Cross-Site Scripting (XSS) vulnerability because it does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-23877
WordPress Plugin
pinterest-rss-widget
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-10
The plugin contains a Cross-Site Scripting (XSS) vulnerability because it does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-23873
WordPress Plugin
bbspoiler
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-10
The plugin contains a Cross-Site Scripting (XSS) vulnerability because it does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-23867
WordPress Plugin
buttons-x
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-10
The plugin contains a Cross-Site Scripting (XSS) vulnerability because it does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-23701
WordPress Plugin
easy-sign-up
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-10
The plugin contains a Cross-Site Scripting (XSS) vulnerability because it does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-0405
WordPress Plugin
gpt3-ai-content-generator
Vulnerability Type:
Missing Authorization
Date:
2023-01-09
The plugin contains a Missing Authorization vulnerability due to a missing capability check in the wpaicg_set_post_content_ AJAX action, which makes it possible for authenticated attackers with a role as low as subscriber to update arbitrary post content.
CVE ID:
CVE-2023-0259
WordPress Plugin
wp-google-places-review-slider
Vulnerability Type:
SQL Injection
Date:
2023-01-09
The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber.
CVE ID:
CVE-2023-0260
WordPress Plugin
wp-facebook-reviews
Vulnerability Type:
SQL Injection
Date:
2023-01-09
The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber.
CVE ID:
CVE-2023-0261
WordPress Plugin
wp-tripadvisor-review-slider
Vulnerability Type:
SQL Injection
Date:
2023-01-09
The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber.
CVE ID:
CVE-2023-0262
WordPress Plugin
wp-airbnb-review-slider
Vulnerability Type:
SQL Injection
Date:
2023-01-09
The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber.
CVE ID:
CVE-2023-0263
WordPress Plugin
wp-yelp-review-slider
Vulnerability Type:
SQL Injection
Date:
2023-01-09
The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber.
CVE ID:
CVE-2023-24377
WordPress Plugin
ecwid-shopping-cart
Vulnerability Type:
Cross-Site Request Forgery (CSRF)
Date:
2023-01-09
The plugin contains a Cross-Site Request Forgery (CSRF) vulnerability due to a missing nonce check in the ec-store-do-woo-import AJAX action, which makes it possible for attackers to reset the import via a forged request if they can trick an administrator into performing an action such as clicking on a link.
CVE ID:
CVE-2023-0418
WordPress Plugin
video-central
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-09
The plugin contains a Cross-Site Scripting (XSS) vulnerability because it does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-25791
WordPress Plugin
fontiran
Vulnerability Type:
Missing Authorization
Date:
2023-01-09
The plugin contains a Missing Authorization vulnerability due to a missing capability check in the fi_delete_webfont AJAX action, which makes it possible for authenticated attackers with a role as low as subscriber to delete arbitrary fonts.
CVE ID:
CVE-2023-28417
WordPress Plugin
integration-dynamics
Vulnerability Type:
Missing Authorization
Date:
2023-01-09
The plugin contains a Missing Authorization vulnerability due to a missing capability check in the wpcrm_log_verbosity and wpcrm_log AJAX actions, which makes it possible for authenticated attackers with a role as low as subscriber to update the log level and download the log.
CVE ID:
CVE-2023-0365
WordPress Plugin
react-webcam
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-09
The plugin contains a Cross-Site Scripting (XSS) vulnerability because it does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.