Archives: Reports
CVE ID:
CVE-2023-0399
WordPress Plugin
image-over-image-vc-extension
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-08
The plugin contains a Cross-Site Scripting (XSS) vulnerability because it does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-0366
WordPress Plugin
loan-comparison
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-08
The plugin contains a Cross-Site Scripting (XSS) vulnerability because it does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-0153
WordPress Plugin
vimeo-video-autoplay-automute
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-08
The plugin contains a Cross-Site Scripting (XSS) vulnerability because it does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-0145
WordPress Plugin
saan-world-clock
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-08
The plugin contains a Cross-Site Scripting (XSS) vulnerability because it does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-0151
WordPress Plugin
utubevideo-gallery
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-08
The plugin contains a Cross-Site Scripting (XSS) vulnerability because it does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-0150
WordPress Plugin
cloak-front-end-email
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-08
The plugin contains a Cross-Site Scripting (XSS) vulnerability because it does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-0149
WordPress Plugin
wordprezi
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-08
The plugin contains a Cross-Site Scripting (XSS) vulnerability because it does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-0154
WordPress Plugin
gamipress-vimeo-integration
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-08
The plugin contains a Cross-Site Scripting (XSS) vulnerability because it does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-0148
WordPress Plugin
gallery-factory-lite
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-08
The plugin contains a Cross-Site Scripting (XSS) vulnerability because it does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-0147
WordPress Plugin
flexible-captcha
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-08
The plugin contains a Cross-Site Scripting (XSS) vulnerability because it does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-0146
WordPress Plugin
naver-map
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-08
The plugin contains a Cross-Site Scripting (XSS) vulnerability because it does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-23716
WordPress Plugin
zendesk
Vulnerability Type:
Cross-Site Request Forgery (CSRF)
Date:
2023-01-06
The plugin contains a Cross-Site Request Forgery (CSRF) vulnerability due to a missing nonce check in the zendesk_convert_to_ticket_post AJAX action, which makes it possible for attackers to create a Zendesk ticket from an arbitrary comment via a forged request if they can trick an administrator into performing an action such as clicking on a link.
CVE ID:
CVE-2023-25067
WordPress Plugin
opening-hours
Vulnerability Type:
Missing Authorization
Date:
2023-01-06
The plugin contains a Missing Authorization vulnerability due to a missing capability check in the we_are_open_admin_ajax AJAX action, which makes it possible for authenticated attackers with a role as low as subscriber to delete arbitrary special opening hours.
CVE ID:
CVE-2023-23986
WordPress Plugin
g-business-reviews-rating
Vulnerability Type:
Missing Authorization
Date:
2023-01-06
The plugin contains a Missing Authorization vulnerability due to a missing capability check in the google_business_reviews_rating_admin_ajax AJAX action, which makes it possible for authenticated attackers with a role as low as subscriber to update plugin settings.
CVE ID:
CVE-2023-0096
WordPress Plugin
happyforms
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-02
The plugin contains a Cross-Site Scripting (XSS) vulnerability because it does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-0095
WordPress Plugin
page-views-count
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-02
The plugin contains a Cross-Site Scripting (XSS) vulnerability because it does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-0378
WordPress Plugin
greenshift-animation-and-page-builder-blocks
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-02
The plugin contains a Cross-Site Scripting (XSS) vulnerability because it does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-0377
WordPress Plugin
scriptless-social-sharing
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-02
The plugin contains a Cross-Site Scripting (XSS) vulnerability because it does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-0376
WordPress Plugin
qubely
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-02
The plugin contains a Cross-Site Scripting (XSS) vulnerability because it does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-0375
WordPress Plugin
easy-affiliate-links
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-02
The plugin contains a Cross-Site Scripting (XSS) vulnerability because it does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-0374
WordPress Plugin
w4-post-list
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-02
The plugin contains a Cross-Site Scripting (XSS) vulnerability because it does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-0373
WordPress Plugin
lightweight-accordion
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-02
The plugin contains a Cross-Site Scripting (XSS) vulnerability because it does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-0097
WordPress Plugin
post-carousel
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-02
The plugin contains a Cross-Site Scripting (XSS) vulnerability because it does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-0360
WordPress Plugin
location-weather
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-02
The plugin contains a Cross-Site Scripting (XSS) vulnerability because it does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.
CVE ID:
CVE-2023-0081
WordPress Plugin
google-analytics-for-wordpress
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-01
The plugin contains a Cross-Site Scripting (XSS) vulnerability because it does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.