02-06-2023 04:01

cve-2023-2835 Vulnerabilidad documentada

6.1 MEDIUM

The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search' parameter in versions up to, and including, 1.2.3 due insufficient input sanitization output escaping. This makes it possible unauthenticated attackers inject arbitrary web scripts pages that execute if they can successfully trick a user into performing an action such as clicking on link. http://cwe.mitre.org/data/definitions/79.html CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

02-06-2023 01:01

cve-2023-2201 Vulnerabilidad documentada

8.8 HIGH

The Web Directory Free for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions up to, and including, 1.6.7 due insufficient escaping on user supplied lack of sufficient preparation existing query. This makes it possible authenticated attackers with contributor-level privileges append additional queries into already that can be used extract sensitive information from database. http://cwe.mitre.org/data/definitions/89.html CWE-89 Improper Neutralization Special Elements an Command ('SQL Injection')

01-06-2023 15:26

Jetpack WordPress Plug-in API Bug Triggers Mass Updates https://t.co/iqA8KbPgle #cyber #awareness #threatintell… https://t.co/gJkNjuKoNA

01-06-2023 13:37

Decade-old critical vulnerability in Jetpack patched on millions of WordPress websites https://t.co/Y2ie5dqkun… https://t.co/GiooATFSYN

01-06-2023 11:33

Decade-old critical vulnerability in Jetpack patched on millions of WordPress websites https://t.co/Y2ie5dpMEP… https://t.co/OFYrbX681R

01-06-2023 05:44

Jetpack Critical Vulnerability Puts Millions of WordPress Sites at Risk https://t.co/f3aMSZTJYM #cyber #awareness… https://t.co/utOH3OS2o5

31-05-2023 02:01

cve-2023-2304 Vulnerabilidad documentada

6.4 MEDIUM

The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'user_favorites' shortcode in versions up to, and including, 2.3.2 due insufficient input sanitization output escaping on user supplied attributes. This makes it possible authenticated attackers with contributor-level above permissions inject arbitrary web scripts pages that will execute whenever a accesses an injected page. http://cwe.mitre.org/data/definitions/79.html CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

31-05-2023 01:01

cve-2023-2836 Vulnerabilidad documentada

4.4 MEDIUM

The CRM Perks Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in versions up to, and including, 1.1.1 due insufficient input sanitization output escaping. This makes it possible authenticated attackers, with administrator-level permissions above, inject arbitrary web scripts pages that will execute whenever a user accesses an injected page. only affects multi-site installations where unfiltered_html has been disabled. http://cwe.mitre.org/data/definitions/79.html CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

31-05-2023 00:02

cve-2023-2987 Vulnerabilidad documentada

9.8 CRITICAL

The Wordapp plugin for WordPress is vulnerable to authorization bypass due an use of insufficiently unique cryptographic signature on the 'wa_pdx_op_config_set' function in versions up to, and including, 1.5.0. This makes it possible unauthenticated attackers change 'validation_token' config, providing access plugin's remote control functionalities, such as creating admin URL, which can be used privilege escalation. http://cwe.mitre.org/data/definitions/345.html CWE-345 Insufficient Verification Data Authenticity

30-05-2023 05:01

cve-2023-2518 Vulnerabilidad documentada

N/A

The Easy Forms for Mailchimp WordPress plugin through 6.8.8 does not sanitise and escape a parameter before outputting it back in the page when debug option is enabled, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. http://cwe.mitre.org/data/definitions/79.html CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')