Service provided by: vulneralert
wordpress
Latest alerts
02-06-2023 04:01

CVE-2023-2835 Documented vulnerability

6.1 MEDIUM
The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search' parameter in versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
http://cwe.mitre.org/data/definitions/79.html CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
02-06-2023 01:01

CVE-2023-2201 Documented vulnerability

8.8 HIGH
The Web Directory Free for WordPress is vulnerable to SQL Injection via the 'post_id' parameter in versions up to, and including, 1.6.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing query. This makes it possible for authenticated attackers with contributor-level privileges to append additional queries into already existing queries that can be used to extract sensitive information from the database.
http://cwe.mitre.org/data/definitions/89.html CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
01-06-2023 15:26
Jetpack WordPress Plug-in API Bug Triggers Mass Updates
https://t.co/iqA8KbPgle #cyber #awareness #threatintell… https://t.co/gJkNjuKoNA
01-06-2023 13:37
Decade-old critical vulnerability in Jetpack patched on millions of WordPress websites
https://t.co/Y2ie5dqkun… https://t.co/GiooATFSYN
01-06-2023 11:33
Decade-old critical vulnerability in Jetpack patched on millions of WordPress websites
https://t.co/Y2ie5dpMEP… https://t.co/OFYrbX681R
01-06-2023 05:44
Jetpack Critical Vulnerability Puts Millions of WordPress Sites at Risk
https://t.co/f3aMSZTJYM #cyber #awareness… https://t.co/utOH3OS2o5
31-05-2023 02:01

CVE-2023-2304 Documented vulnerability

6.4 MEDIUM
The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'user_favorites' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
http://cwe.mitre.org/data/definitions/79.html CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
31-05-2023 01:01

CVE-2023-2836 Documented vulnerability

4.4 MEDIUM
The CRM Perks Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form settings in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations where unfiltered_html has been disabled.
http://cwe.mitre.org/data/definitions/79.html CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
31-05-2023 00:02

CVE-2023-2987 Documented vulnerability

9.8 CRITICAL
The Wordapp plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'wa_pdx_op_config_set' function in versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to change the 'validation_token' config, providing access to the plugin's remote control functionalities, such as creating an admin URL, which can be used for privilege escalation.
http://cwe.mitre.org/data/definitions/345.html CWE-345 Insufficient Verification of Data Authenticity
30-05-2023 05:01

CVE-2023-2518 Documented vulnerability

N/A
The Easy Forms for Mailchimp WordPress plugin through 6.8.8 does not sanitise and escape a parameter before outputting it back in the page when the debug option is enabled, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
http://cwe.mitre.org/data/definitions/79.html CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
eAprende.com | 2021