Archives: Reports

CVE ID:

CVE-2023-0364

WordPress Plugin

real-kit

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-01-09

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0363

WordPress Plugin

scheduled-announcements-widget

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-01-09

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0419

WordPress Plugin

shortcode-for-font-awesome

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-01-09

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0362

WordPress Plugin

themify-portfolio-post

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-01-09

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-23709

WordPress Plugin

wpjam-basic

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-01-09

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-23703

WordPress Plugin

arconix-shortcodes

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-01-09

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-23828

WordPress Plugin

wp-category-posts-list

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-01-09

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-23833

WordPress Plugin

drop-shadow-boxes

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-01-09

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-25981

WordPress Plugin

buddyforms

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-01-09

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-23826

WordPress Plugin

add-posts-to-pages

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-01-09

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-23827

WordPress Plugin

google-maps-v3-shortcode

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-01-09

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-23815

WordPress Plugin

multi-column-tag-map

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-01-09

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-23817

WordPress Plugin

simple-pdf-viewer

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-01-09

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-23717

WordPress Plugin

portfolio-slideshow

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-01-09

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-23831

WordPress Plugin

rating-widget

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-01-09

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-22713

WordPress Plugin

wpdm-gutenberg-blocks

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-01-09

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-23829

WordPress Plugin

owl-carousel

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-01-09

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-23832

WordPress Plugin

ultimate-wp-query-search-filter

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-01-09

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0368

WordPress Plugin

responsive-tabs-for-wpbakery

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-01-08

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0367

WordPress Plugin

pricing-tables-for-wpbakery-page-builder

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-01-08

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0152

WordPress Plugin

wp-multi-store-locator

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-01-08

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0372

WordPress Plugin

embedstories

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-01-08

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0371

WordPress Plugin

embedalbum-pro

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-01-08

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0370

WordPress Plugin

wpb-advanced-faq

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-01-08

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0369

WordPress Plugin

gotowp

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2023-01-08

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More