Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Valiano Unite Gallery Lite plugin
August 30, 2023
The POEditor WordPress plugin before 0.9.8 does not have CSRF checks in various places, which could allow attackers to make logged in admins perform unwanted actions, such as reset the plugin's settin ...
August 30, 2023
The Front Editor WordPress plugin through 4.0.4 does not sanitize and escape some of its form settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when ...
August 30, 2023
The Simple Blog Card WordPress plugin before 1.32 does not ensure that posts to be displayed via a shortcode are public, allowing any authenticated users, such as subscriber, to retrieve arbitrary pos ...
August 30, 2023
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Miled WordPress Social Login plugin
August 30, 2023
The GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) WordPress plugin before 4.12.5 does not have proper CSRF checks when managing its license, which could allow attackers to make logged in admins ...
August 30, 2023
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in weDevs WP ERP plugin
August 30, 2023
The User Access Manager WordPress plugin before 2.2.18 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible for attackers to access restricted c ...
August 30, 2023