What is CVE?
CVE (Common Vulnerabilities and Exposures) is a list of known security flaws in software and hardware. Each CVE identifies a specific vulnerability that hackers could exploit, helping businesses quickly address the issue and improve their security.

| CVEs | Description | CVSSv3 Score |
|---|---|---|
| CVE-2023-44227 | Simple File List <= 6.1.9 - Unauthenticated Arbitrary File Deletion | 9.1 |
| CVE-2023-23706 | WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.5.14 - Cross-Site Request Forgery | 8.8 |
| CVE-2023-22714 | Coming Soon by Supsystic <= 1.7.10 - Cross Site Request Forgery | 8.8 |
| CVE-2023-23796 | Form Builder <= 1.9.9.0 - Unauthenticated CSV Injection | 8.3 |
| CVE-2023-22719 | GiveWP <= 2.25.1 - Unauthenticated CSV Injection | 8.3 |
| CVE-2023-6266 | Backup Migration <= 1.3.6 - Unauthenticated Arbitrary Backup Download to Sensitive Information Exposure | 7.5 |
| CVE-2022-2369 | YaySMTP – Simple WP SMTP Mail <= 2.2 - Sensitive Information Disclosure | 7.5 |
| CVE-2023-25714 | Quick Paypal Payments <= 5.7.25 - Missing Authorization | 7.3 |
| CVE-2023-40679 | Master Addons for Elementor <= 2.0.5.3 - Missing Authorization | 7.3 |
| CVE-2023-24379 | Landing Page Builder – Free Landing Page Templates <= 3.1.9.8 - Local File Inclusion via 'lpp_template_select' | 7.2 |
| CVE-2023-27450 | Leyka <= 3.29.2 - Unauthenticated Stored Cross-Site Scripting | 7.2 |
| CVE-2023-25713 | Quick Paypal Payments <= 5.7.25 - Unauthenticated Stored Cross Site Scripting | 7.2 |
| CVE-2023-23979 | Quick Event Manager <= 9.7.4 - Unauthenticated Stored Cross Site Scripting | 7.2 |
| CVE-2023-24403 | bbPress Voting <= 2.1.11.0 - Authenticated (Admin+) Stored Cross-Site Scripting | 7.2 |
| CVE-2023-34179 | Groundhogg <= 2.7.11 - Authenticated (Administrator+) SQL Injection | 7.2 |
| CVE-2023-25020 | Arigato Autoresponder and Newsletter <= 2.7.1 - Unauthenticated Stored Cross-Site Scripting | 7.2 |
| CVE-2022-2565 | Simple Payment Donations <= 4.2.0 - Unauthenticated Stored Cross-Site Scripting | 7.2 |
| CVE-2022-2559 | Fluent Support <= 1.5.7 - Authenticated (Administrator+) SQL Injection | 7.2 |
| CVE-2023-25448 | Archivist – Custom Archive Templates <= 1.7.4 - Cross-Site Request Forgery | 7.1 |
| CVE-2023-24419 | Formidable Form Builder <= 5.5.6 - Cross-Site Request Forgery | 7.1 |
| CVE-2023-23790 | Pods <= 2.9.10.2 - Cross-Site Request Forgery | 7.1 |
| CVE-2023-23821 | Interactive Polish Map <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting | 6.6 |
| CVE-2023-23991 | Booking Calendar <= 9.4.2 - Authenticated (Admin+) SQL Injection | 6.6 |
| CVE-2023-22701 | Ebook Store <= 5.775 - Missing Authorization via ebook_store_export_orders | 6.5 |
| CVE-2023-25454 | Protected Posts Logout Button <= 1.4.5 - Missing Authorization on pplb_options_save | 6.5 |
| CVE-2023-25035 | Quick Contact Form <= 8.0.3.1 - Cross-Site Request Forgery to Sensitive Information Disclosure | 6.5 |
| CVE-2023-45275 | Contact Form builder with drag & drop - Kali Forms <= 2.3.28 - Missing Authorization via get_log | 6.5 |
| CVE-2023-36523 | Email download link <= 3.7 - Unauthenticated Sensitive Information Exposure | 6.5 |
| CVE-2023-23795 | Form Builder <= 1.9.9.0 - Cross-Site Request Forgery | 6.5 |
| CVE-2023-6486 | Spectra – WordPress Gutenberg Blocks <= 2.10.3 - Authenticated (Contributor+) Cross-Site Scripting via Custom CSS | 6.4 |
| CVE-2023-7225 | MapPress <= 2.88.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Map Settings | 6.4 |
| CVE-2023-6884 | Plugin for Google Reviews <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode | 6.4 |
| CVE-2023-6524 | MapPress Maps for WordPress <= 2.88.13 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 |
| CVE-2023-47654 | BZScore – Live Score <= 1.03 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode | 6.4 |
| CVE-2023-45049 | YouTube Playlist Player <= 4.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 |
| CVE-2023-41728 | Rescue Shortcodes <= 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 |
| CVE-2023-40605 | Typing Effect <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode | 6.4 |
| CVE-2023-37994 | Art Decoration Shortcode <= 1.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | 6.4 |
| CVE-2023-35094 | WP Matterport Shortcode <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | 6.4 |
| CVE-2023-23699 | Progress Bar <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via wppb shortcode | 6.4 |
| CVE-2023-23862 | Vertical scroll recent post <= 14.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes | 6.4 |
| CVE-2023-23894 | Surbma \| GDPR Proof Cookie Consent & Notice Bar <= 17.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 |
| CVE-2023-27631 | Daily Prayer Time <= 2023.03.20 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 |
| CVE-2023-25982 | Simple YouTube Responsive <= 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | 6.4 |
| CVE-2023-23889 | Quick Paypal Payments <= 5.7.25 - Authenticated (Contributor+) Cross Site Scripting | 6.4 |
| CVE-2023-25798 | Olevmedia Shortcodes <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 |
| CVE-2023-23885 | Quick Contact Form <= 8.0.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 |
| CVE-2023-23866 | Interactive Geo Maps <= 1.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | 6.4 |
| CVE-2023-23728 | WP Flipclock <= 1.7.4 - Authenticated (Contributor+) Stored Cross Site Scripting | 6.4 |
| CVE-2023-44264 | The Awesome Feed – Custom Feed <= 2.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | 6.4 |
| CVE-2023-41797 | Locations <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 |
| CVE-2023-39988 | WxSync <= 2.7.24 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 |
| CVE-2023-38516 | Audio Player with Playlist Ultimate <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 |
| CVE-2023-23678 | WP Cookie Notice for GDPR, CCPA & ePrivacy Consent <= 2.2.5 - Authenticated (Administrator+) CSV Injection | 6.4 |
| CVE-2023-0424 | MS-Reviews <= 1.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting | 6.4 |
| CVE-2023-23647 | Team Member <= 4.4 - Authenticated (Editor+) Stored Cross-Site Scripting via new_style_name | 6.4 |
| CVE-2024-6391 | oik <= 4.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via bw_button Shortcode | 6.4 |
| CVE-2023-6692 | Ultimate Blocks – WordPress Blocks Plugin <= 3.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via metabox | 6.4 |
| CVE-2023-6382 | Master Slider - Responsive Touch Slider <= 3.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 |
| CVE-2023-6500 | Shariff Wrapper <= 4.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | 6.4 |
| CVE-2023-6645 | Post Grid Combo – 36+ Gutenberg Blocks <= 2.2.64 - Authenticated (Contributor+) Cross-Site Scripting | 6.4 |
| CVE-2023-49168 | BP Better Messages <= 2.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode | 6.4 |
| CVE-2023-48770 | Aparat <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 |
| CVE-2023-45640 | WP ULike <= 4.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode | 6.4 |
| CVE-2023-40669 | Collapse-O-Matic <= 1.8.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 |
| CVE-2023-40674 | Simple URLs <= 118 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 |
| CVE-2023-23798 | Layer Slider <= 1.1.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 |
| CVE-2023-36503 | MaxButtons <= 9.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | 6.4 |
| CVE-2023-35882 | Super Socializer <= 7.13.52 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | 6.4 |
| CVE-2023-35090 | MasterStudy LMS <= 3.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 |
| CVE-2023-27612 | Site Reviews <= 6.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode | 6.4 |
| CVE-2023-27620 | Robo Gallery <= 3.2.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes | 6.4 |
| CVE-2023-23668 | GiveWP <= 2.25.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via give_form_grid shortcode | 6.4 |
| CVE-2023-26013 | Strong Testimonials <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes | 6.4 |
| CVE-2023-23876 | wpDataTables <= 2.1.49 - Authenticated (Contributor+) Stored Cross Site Scripting | 6.4 |
| CVE-2023-23708 | Visualizer <= 3.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes | 6.4 |
| CVE-2023-23874 | Ditty <= 3.0.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | 6.4 |
| CVE-2023-25024 | Icegram Collect <= 1.3.8 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode | 6.4 |
| CVE-2023-25061 | Arigato Autoresponder and Newsletter <= 2.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 |
| CVE-2023-23891 | Ocean Extra <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | 6.4 |
| CVE-2023-24411 | BNE Testimonials <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 |
| CVE-2023-23898 | Blocksy Companion <= 1.8.67 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 |
| CVE-2023-24374 | Material Design Icons for Page Builders <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | 6.4 |
| CVE-2023-24378 | Glossary <= 2.1.27 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 |
| CVE-2023-24003 | WP Popups <= 2.1.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 |
| CVE-2023-23977 | WordPress Social Comments Plugin for Vkontakte Comments and Disqus Comments <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | 6.4 |
| CVE-2023-22712 | TemplatesNext ToolKit <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 |
| CVE-2022-2371 | YaySMTP – Simple WP SMTP Mail <= 2.2 - Stored Cross-Site Scripting | 6.4 |
| CVE-2023-23975 | Quick Event Manager <= 9.7.4 - Missing Authorization Checks | 6.3 |
| CVE-2023-23974 | Quick Event Manager <= 9.7.4 - Cross-Site Request Forgery | 6.3 |
| CVE-2023-39997 | Popup by Supsystic <= 1.10.19 - Cross-Site Request Forgery | 6.3 |
| CVE-2023-33996 | Spam protection, AntiSpam, FireWall by CleanTalk <= 6.10 - Missing Authorization | 6.3 |
| CVE-2023-25043 | Data Tables Generator by Supsystic <= 1.10.25 - Missing Authorization | 6.3 |
| CVE-2023-41653 | Sermon'e – Sermons Online <= 1.0.0 - Reflected Cross-Site Scripting | 6.1 |
| CVE-2023-37892 | Shortcode IMDB <= 6.0.8 - Cross-Site Request Forgery | 6.1 |
| CVE-2023-34017 | Five Star Restaurant Reservations <= 2.6.7 - Reflected Cross-Site Scripting | 6.1 |
| CVE-2023-33326 | EventPrime <= 2.8.6 - Reflected Cross-Site Scripting | 6.1 |
| CVE-2023-2710 | video carousel slider with lightbox <= 1.0.22 - Reflected Cross-Site Scripting | 6.1 |
| CVE-2023-2708 | Video Gallery <= 1.0.10 - Reflected Cross-Site Scripting | 6.1 |
| CVE-2023-24413 | wordpress vertical image slider plugin <= 1.2.16 - Reflected Cross-Site Scripting | 6.1 |
| CVE-2023-24409 | WP Responsive Tabs horizontal vertical and accordion Tabs <= 1.1.15 - Reflected Cross-Site Scripting | 6.1 |
| CVE-2023-30785 | Video Grid <= 1.21 - Reflected Cross-Site Scripting | 6.1 |
| CVE-2023-24392 | Full Width Banner Slider Wp <= 1.1.7 - Reflected Cross-Site Scripting via search_term | 6.1 |
| CVE-2023-28776 | Continuous Image Carousel With Lightbox <= 1.0.15 - Reflected Cross-Site Scripting via search_term, order_by and order_pos | 6.1 |
| CVE-2023-25464 | Twitch Player <= 2.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting | 6.1 |
| CVE-2023-41867 | AcyMailing SMTP Newsletter <= 8.6.2 - Reflected Cross-Site Scripting | 6.1 |
| CVE-2023-40667 | Simple URLs <= 117 - Reflected Cross-Site Scripting via 'post_id' | 6.1 |
| CVE-2023-49180 | Automatic Youtube Video Posts Plugin <= 5.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings | 5.5 |
| CVE-2023-47656 | ANAC XML Bandi di Gara <= 7.5 - Authenticated (Editor+) Stored Cross-Site Scripting | 5.5 |
| CVE-2023-24393 | Animated Number Counters <= 1.6 - Authenticated (Editor+) Stored Cross-Site Scripting | 5.5 |
| CVE-2023-23786 | affiliate-toolkit – WordPress Affiliate Plugin <= 3.3.3 - Authenticated (Editor+) Stored Cross-Site Scripting | 5.5 |
| CVE-2023-25710 | Click to Call or Chat Buttons <= 1.4.0 - Authenticated (Admin+) Stored Cross-Site Scripting | 5.5 |
| CVE-2023-25490 | Archivist – Custom Archive Templates <= 1.7.4 - Authenticated (Admin+) Stored Cross-Site Scripting | 5.5 |
| CVE-2023-25702 | Quick Paypal Payments <= 5.7.25 - Authenticated (Administrator+) Stored Cross-Site Scripting | 5.5 |
| CVE-2023-25027 | Chained Quiz <= 1.3.2.5 - Authenticated (Admin+) Stored Cross-Site Scripting | 5.5 |
| CVE-2022-47438 | Booking calendar, Appointment Booking System <= 3.2.3 - Authenticated (Editor+) Stored Cross-Site Scripting | 5.5 |
| CVE-2023-23994 | Auto Hide Admin Bar <= 1.6.1 - Authenticated (Admin+) Stored Cross-Site Scripting | 5.5 |
| CVE-2023-23980 | MailOptin <= 1.2.54.0 - Authenticated (Admin+) Cross Site Scripting | 5.5 |
| CVE-2023-23972 | Social Like Box and Page by WpDevArt <= 0.8.39 - Authenticated (Admin+) Stored Cross Site Scripting | 5.5 |
| CVE-2023-23998 | VikRentCar Car Rental Management System <= 1.3.0 - Authenticated (Admin+) Cross Site Scripting | 5.5 |
| CVE-2023-23718 | Page Loading Effects <= 2.0.0 - Authenticated (Admin+) Stored Cross Site Scripting | 5.5 |
| CVE-2023-23722 | WP eBay Product Feeds <= 3.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | 5.5 |
| CVE-2022-3074 | Slider Hero <= 8.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting | 5.5 |
| CVE-2023-45767 | Simple Tweet <= 1.4.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings | 5.5 |
| CVE-2023-45747 | WP Lightbox 2 <= 3.0.6.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings | 5.5 |
| CVE-2023-40552 | Fitness calculators plugin <= 2.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings | 5.5 |
| CVE-2023-25442 | Zeno Font Resizer <= 1.7.9 - Authenticated (Administrator+) Stored Cross-Site Scripting | 5.5 |
| CVE-2023-25705 | WP Prayer <= 1.9.6 - Authenticated (Admin+) Stored Cross-Site Scripting | 5.5 |
| CVE-2023-23995 | TinyMCE Custom Styles <= 1.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | 5.5 |
| CVE-2023-23996 | ProfilePress <= 4.5.3 - Authenticated (Administrator+) Stored Cross-Site Scripting | 5.5 |
| CVE-2023-23982 | WPFrom Email <= 1.8.8 - Authenticated (Administrator+) Stored Cross-Site Scripting | 5.5 |
| CVE-2023-23987 | User Registration <= 2.3.0 - Authenticated (Administrator+) Stored Cross Site Scripting | 5.5 |
| CVE-2023-23981 | Conversational Forms for ChatBot <= 1.1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting | 5.5 |
| CVE-2023-23870 | Responsive Vertical Icon Menu <= 1.5.8 - Authenticated (Administrator+) Stored Cross-Site Scripting | 5.5 |
| CVE-2023-22716 | OOPSpam Anti-Spam <= 1.1.35 - Authenticated (Admin+) Stored Cross-Site Scripting | 5.5 |
| CVE-2023-22715 | WP-CommentNavi <= 1.12.1 - Authenticated (Admin+) Stored Cross-Site Scripting | 5.5 |
| CVE-2023-25031 | Arigato Autoresponder and Newsletter <= 2.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting | 5.5 |
| CVE-2023-23878 | WP MAPS <= 4.3.9 - Authenticated (Editor+) Stored Cross-Site Scripting | 5.5 |
| CVE-2022-2398 | WordPress Comments Fields <= 4.0 - Authenticated (Admin+) Stored Cross-Site Scripting | 5.5 |
| CVE-2023-45047 | LeadSquared Suite <= 0.7.4 - Cross-Site Request Forgery | 5.4 |
| CVE-2023-45048 | Social proof testimonials and reviews by Repuso <= 5.01 - Cross-Site Request Forgery | 5.4 |
| CVE-2023-25463 | wp tell a friend popup form <= 7.1 - Cross-Site Request Forgery via 'TellAFriend_admin' | 5.4 |
| CVE-2023-24417 | Worthy – VG WORT Integration für WordPress <= 1.6.5-6497609 - Cross-Site Request Forgery | 5.4 |
| CVE-2023-27632 | Daily Prayer Time <= 2023.03.08 - Cross-Site Request Forgery | 5.4 |
| CVE-2023-27442 | Leyka <= 3.29.2 - Cross-Site Request Forgery | 5.4 |
| CVE-2023-25481 | Podlove Subscribe button <= 1.3.7 - Cross-Site Request Forgery via save function | 5.4 |
| CVE-2023-25481 | Podlove Subscribe button <= 1.3.7 - Cross-Site Request Forgery via process_form function | 5.4 |
| CVE-2023-23864 | Very Simple Google Maps <= 2.8.4 - Authenticated (Contributor+) Stored Cross Site Scripting | 5.4 |
| CVE-2023-44997 | WP Forms Puzzle Captcha <= 4.1 - Cross-Site Request Forgery | 5.4 |
| CVE-2023-44996 | Post View Count <= 2.0 - Cross-Site Request Forgery | 5.4 |
| CVE-2023-41659 | Responsive Gallery Grid <= 2.3.13 - Cross-Site Request Forgery | 5.4 |
| CVE-2023-30478 | Newsletters <= 4.8.8 - Cross-Site Request Forgery | 5.4 |
| CVE-2023-25968 | Client Portal – Private user pages and login <= 1.1.8 - Cross-Site Request Forgery via cp_create_private_pages_for_all_users function | 5.4 |
| CVE-2023-25975 | Etsy Shop <= 3.0.3 - Cross-Site Request Forgery to Plugin Settings Update | 5.4 |
| CVE-2023-25056 | Feed Them Social <= 3.0.2 - Cross-Site Request Forgery | 5.4 |
| CVE-2023-25994 | Publish to Schedule <= 4.4.2 - Cross-Site Request Forgery leading to Plugin Option Changes | 5.4 |
| CVE-2023-25698 | Shoppable Images <= 1.2.3 - Cross Site Request Forgery | 5.4 |
| CVE-2024-6392 | Image Optimizer, Resizer and CDN – Sirv <= 7.2.7 - Authenticated (Subscriber+) Missing Authorization to Plugin Settings Update | 5.4 |
| CVE-2023-6326 | Master Slider - Responsive Touch Slider <= 3.9.10 - Cross-Site Request Forgery via process_bulk_action | 5.4 |
| CVE-2023-40011 | Cost Calculator Builder <= 3.1.42 - Improper Authorization | 5.4 |
| CVE-2023-38513 | Photo Engine <= 6.2.5 - Authenticated (Author+) Insecure Direct Object Reference in ajax_generate_auth_token | 5.4 |
| CVE-2023-37890 | KB Support <= 1.5.88 - Missing Authorization to Sensitive Data Exposure | 5.4 |
| CVE-2023-34178 | Groundhogg <= 2.7.11 - Cross-Site Request Forgery | 5.4 |
| CVE-2023-29437 | Connections Business Directory <= 10.4.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | 5.4 |
| CVE-2023-25966 | Filebird <= 5.1.4 - Missing Authorization via resAdminPermissionsCheck | 5.4 |
| CVE-2023-25469 | Easy Table of Contents <= 2.0.45.2 - Missing Authorization via eztoc_reset_options_to_default | 5.4 |
| CVE-2023-27625 | Site Reviews <= 6.5.1 - Missing Authorization | 5.4 |
| CVE-2023-23672 | GiveWP <= 2.25.1 - Authenticated (Contributor+) Arbitrary Content Deletion | 5.4 |
| CVE-2023-25991 | RegistrationMagic <= 5.1.9.2 - Cross-Site Request Forgery leading to Form Metadata Deletion | 5.4 |
| CVE-2023-24415 | ChatBot <= 4.2.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting and Settings Reset | 5.4 |
| CVE-2023-41796 | Sunshine Photo Cart <= 2.9.25 - Insecure Direct Object Reference to Order Manipulation | 5.3 |
| CVE-2023-38520 | Pinpoint Booking System <= 2.9.9.3.4 - Content Spoofing | 5.3 |
| CVE-2023-33321 | EventPrime <= 2.8.6 - Sensitive Information Exposure | 5.3 |
| CVE-2023-32127 | Multi Rating <= 5.0.6 - Missing Authorization to Arbitrary Ratings Value Change | 5.3 |
| CVE-2023-25057 | Libsyn Publisher Hub <= 1.3.2 - Sensitive Information Exposure | 5.3 |
| CVE-2023-27437 | Event Espresso 4 Decaf <= 4.10.44.decaf - Feature Bypass | 5.3 |
| CVE-2023-25785 | WP Post Rating <= 2.4.6 - Missing Authorization to Vote Manipulation | 5.3 |
| CVE-2023-24373 | Booking calendar, Appointment Booking System <= 3.2.3 - Unauthenticated Bypass Vulnerability | 5.3 |
| CVE-2023-23985 | Quiz Maker <= 6.3.9.4 - Content Spoofing | 5.3 |
| CVE-2023-23988 | My Tickets <= 1.9.11 - Authorization Bypass | 5.3 |
| CVE-2023-23989 | RegistrationMagic <= 5.1.9.2 - Missing Authorization to Unauthenticated Content Injection | 5.3 |
| CVE-2023-23976 | RegistrationMagic <= 5.1.9.2 - Improper Authorization to Price Change | 5.3 |
| CVE-2023-44258 | Schema App Structured Data <= 1.22.3 - Missing Authorization via page_init | 5.3 |
| CVE-2023-25457 | Slider Carousel – Responsive Image Slider <= 1.5.0 - Missing Authorization | 5.3 |
| CVE-2023-25443 | Button Generator – easily Button Builder <= 2.3.5 - Cross-Site Request Forgery in tools-data-base.php | 5.3 |
| CVE-2023-25048 | Fantastic Content Protector Free <= 2.6 - Missing Authorization via update_setting_fantastic_content_protector | 5.3 |
| CVE-2023-26520 | Advanced Text Widget <= 2.1.2 - Missing Authorization via atw_dismiss_admin_notice | 5.3 |
| CVE-2023-6496 | Manage Notification E-mails <= 1.8.5 - Missing Authorization | 5.3 |
| CVE-2023-41735 | Email posts to subscribers <= 6.2 - Missing Authorization to Sensitive Information Exposure | 5.3 |
| CVE-2023-29429 | User Registration <= 2.3.2.1 - Missing Authorization via send_test_email | 5.3 |
| CVE-2023-25455 | WordPress Social Login and Register <= 7.6.0 - Missing Authorization to Unauthenticated Arbitrary Content Deletion | 5.3 |
| CVE-2022-2350 | Disable User Login <= 1.0.1 - Missing Authorization to Unauthenticated Settings Update | 5.3 |
| CVE-2023-33310 | Unite Gallery Lite <= 1.7.59 - Authenticated (Administrator+) Local File Inclusion via 'view' parameter | 5 |
| CVE-2023-6624 | Import and export users and customers <= 1.24.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode | 4.9 |
| CVE-2024-37389 | Apache NiFi 1.10.0 through 1.26.0 and 2.0.0-M1 through 2.0.0-M3 support a description field in the Parameter Context configuration that is vulnerable to cross-site scripting. An authenticated user, authorized to configure a Parameter Context, can enter arbitrary JavaScript code, which the client browser will execute within the session context of the authenticated user. Upgrading to Apache NiFi 1.27.0 or 2.0.0-M4 is the recommended mitigation. | 4.6 |
| CVE-2023-6495 | YARPP – Yet Another Related Posts Plugin <= 5.30.9 - Authenticated (Administrator+) Cross-Site Scripting | 4.4 |
| CVE-2023-6487 | LuckyWP Table of Contents <= 2.1.5 - Authenticated (Administrator+) Cross-Site Scripting | 4.4 |
| CVE-2024-0598 | Gutenberg Blocks by Kadence Blocks <= 3.2.17 - Authenticated (Editor+) Stored Cross-Site Scripting via Contact Form Message Settings | 4.4 |
| CVE-2023-4839 | WP Go Maps <= 9.0.32 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2024-0611 | Master Slider – Responsive Touch Slider <= 3.9.9 - Authenticated (Editor+) Stored Cross-Site Scripting via slider callback | 4.4 |
| CVE-2024-0614 | Events Manager <= 6.4.6.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings | 4.4 |
| CVE-2024-0602 | Yet Another Related Posts Plugin (YARPP) <= 5.30.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings | 4.4 |
| CVE-2024-0621 | Simple Share Buttons Adder <= 8.4.11 - Authenticated (Administrator+) Stored Cross-Site Scripting via CSS Settings | 4.4 |
| CVE-2024-0604 | Best WordPress Gallery Plugin – FooGallery <= 2.4.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings | 4.4 |
| CVE-2024-0597 | SEO Plugin by Squirrly SEO <= 12.3.15 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings | 4.4 |
| CVE-2024-0612 | Content Views <= 3.6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings | 4.4 |
| CVE-2024-0618 | Fluent Forms <= 5.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via imported form title | 4.4 |
| CVE-2023-34018 | SoundCloud Shortcode <= 3.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-47511 | Pinyin Slugs <= 2.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-47228 | Layer Slider <= 1.1.9.7 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-47226 | Post Sliders & Post Grids <= 1.0.20 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-23702 | Comments Ratings <= 1.1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-47227 | Social Feed \| All social media in one place <= 1.5.4.6 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-45755 | BuddyPress Global Search <= 1.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-45051 | Image vertical reel scroll slideshow <= 9.0 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-44987 | Timely Booking Button <= 2.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-44228 | Onclick Show Popup <= 8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-44230 | Popup contact form <= 7.1 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-44229 | Tiny Carousel Horizontal Slider <= 8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-41729 | SendPress Newsletters <= 1.23.11.6 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-40677 | Vertical Marquee Plugin <= 7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25465 | wp tell a friend popup form <= 7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-38387 | Elastic Email Sender <= 1.2.6 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-24412 | Image Social Feed Plugin <= 1.7.6 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-36688 | Simple Site Verify <= 1.0.7 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-24391 | ApplyOnline – Application Form Builder and Manager <= 2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-35779 | Seed Fonts 2.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-35095 | Flo Forms <= 1.0.40 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-34173 | Yandex Metrica Counter <= 1.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-34172 | WordPress Social Login <= 3.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-34183 | Unite Gallery Lite <= 1.7.61 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-34006 | Telegram Bot & Channel <= 3.6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-24394 | iframe popup <= 3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings | 4.4 |
| CVE-2023-23871 | Button <= 1.1.22 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-32130 | Multi Rating <= 5.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings | 4.4 |
| CVE-2023-32120 | Hostel <= 1.1.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Manage Bookings | 4.4 |
| CVE-2023-23727 | Formilla Live Chat <= 1.3.0 - Authenticated (Administrator+) Cross-Site Scripting via 'FormillaID' | 4.4 |
| CVE-2023-23720 | Verified Reviews (Avis Vérifiés) <= 2.3.14 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-22684 | Subscribers – Free Web Push Notifications <= 1.5.3 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-22685 | Category Specific RSS feed Subscription <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings | 4.4 |
| CVE-2023-22690 | Ebook Store < 5.78 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-30749 | Optima Express + MarketBoost IDX Plugin <= 7.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-24406 | Simple Popup Images <= 1.8.6 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-24418 | Tiny carousel horizontal slider plus <= 3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-24389 | Social Proof (Testimonial) Slider <= 2.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-23732 | Disqus Conditional Load <= 11.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings. | 4.4 |
| CVE-2023-23733 | Lazy Social Comments <= 2.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Options | 4.4 |
| CVE-2023-23734 | Userlike <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-23884 | Kanban Boards for WordPress <= 2.5.21 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-23863 | TreePress – Easy Family Trees & Ancestor Profiles <= 2.0.22 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'post_title' parameter | 4.4 |
| CVE-2023-23883 | WP Content Filter – Censor All Offensive Content From Your Site <= 3.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25052 | Yandex.News Feed by Teplitsa <= 1.12.5 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-26515 | Simple Slug Translate <= 2.7.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-26017 | Jobs for WordPress <= 2.5.10.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25979 | Video Gallery – YouTube Gallery <= 1.7.6 - Authenticated (Admin+) Stored Cross Site Scripting | 4.4 |
| CVE-2023-25978 | Protected Posts Logout Button <= 1.4.5 - Authenticated (Admin+) Cross-Site Scripting | 4.4 |
| CVE-2023-23710 | WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.5.14 - Authenticated (Contributor+) Stored Cross-Site Scripting | 4.4 |
| CVE-2022-47608 | Quick Contact Form <= 8.0.3.1 - Authenticated (Admin+) Stored Cross Site Scripting | 4.4 |
| CVE-2023-24005 | Inline Tweet Sharer <= 2.5.3 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25479 | Podlove Subscribe button <= 1.3.7 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25022 | Watu Quiz <= 3.3.8 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25023 | WebinarIgnition <= 2.14.2 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25046 | Podlove Podcast Publisher <= 3.8.2 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25062 | Pinpoint Booking System <= 2.9.9.2.8 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-23723 | WP Email Capture <= 3.9.3 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-24387 | Organization chart <= 1.4.4 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-24396 | VikBooking Hotel Booking Engine & PMS <= 1.5.11 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-24383 | Namaste! LMS <= 2.5.9.1 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-24002 | YouTube Embed <= 2.6.3 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-24004 | Image and Video Lightbox, Image Popup <= 2.1.5 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-46642 | SAHU TikTok Pixel for E-Commerce <= 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-46210 | WC Captcha <= 1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-46200 | Smart App Banner <= 1.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-46199 | Triberr <= 4.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-45833 | LeadSquared Suite <= 0.7.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings | 4.4 |
| CVE-2023-45764 | Scroll post excerpt <= 8.0 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-45768 | Next Page <= 1.5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings | 4.4 |
| CVE-2023-45754 | Easy Testimonial Slider and Form <= 1.0.18 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings | 4.4 |
| CVE-2023-45010 | Complete Open Graph <= 3.4.5 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-45057 | Hitsteps Web Analytics <= 5.86 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-45056 | Open User Map \| Everybody can add locations <= 1.3.26 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-44263 | Social Metrics <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-44265 | Popup contact form <= 7.1 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-44262 | Blocks <= 1.6.42 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-41731 | wordpress publish post email notification <= 1.0.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-41733 | Back To The Top Button <= 2.1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-41734 | Insert Estimated Reading Time <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-41737 | Swifty Bar, sticky bar by WPGens <= 1.2.10 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-41859 | Order Delivery Date for WP e-Commerce <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-41800 | UniConsent Cookie Consent CMP for GDPR / CCPA <= 1.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-41242 | Snap Pixel <= 1.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25483 | Easy Coming Soon <= 2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings | 4.4 |
| CVE-2023-40675 | Landing Page Builder <= 1.5.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-40676 | Slimstat Analytics <= 5.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings | 4.4 |
| CVE-2023-40560 | Schedule Posts Calendar <= 5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings | 4.4 |
| CVE-2023-39987 | wSecure Lite <= 2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings | 4.4 |
| CVE-2023-38482 | Post Affiliate Pro <= 1.24.9 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-38476 | Client Portal : SuiteDash Direct Login <= 1.7.3 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-38521 | Exifography <= 1.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-38518 | Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.4.8 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-38517 | WRC Pricing Tables <= 2.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-37993 | wpShopGermany IT-RECHT KANZLEI <= 1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-37980 | Custom Field For WP Job Manager <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25044 | Social Share Boost <= 4.4 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25042 | oAuth Twitter Feed for Developers <= 2.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-23811 | Smoothscroller <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-23807 | MojoPlug Slide Panel <= 1.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-34187 | Call Now Icon Animate <= 0.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-33929 | Easy Admin Menu <= 1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-33328 | MailChimp Subscribe Forms <= 4.0.9.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25462 | WP htaccess Control <= 3.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-23819 | itemprop WP for SERP/SEO Rich snippets <= 3.5.201706131 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-23818 | WP Register Profile With Shortcode <= 3.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-32577 | DevBuddy Twitter Feed <= 4.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings | 4.4 |
| CVE-2023-32505 | Easy Hide Login <= 1.0.7 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-23654 | SparkPost <= 3.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings | 4.4 |
| CVE-2023-23674 | WP Original Media Path <= 2.4.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings | 4.4 |
| CVE-2023-23682 | EZP Maintenance Mode <= 1.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings | 4.4 |
| CVE-2023-23683 | White Label Branding for Elementor Page Builder <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings | 4.4 |
| CVE-2023-23673 | I Recommend This <= 3.8.3 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-23794 | Semalt Blocker <= 1.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-23810 | Panorama – WordPress Project Management Plugin <= 1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-29434 | Optin Forms <= 1.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-29438 | SimpleModal Contact Form (SMCF) <= 1.2.9 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-23812 | Enhanced WP Contact Form <= 2.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-23789 | Premmerce Redirect Manager <= 1.0.9 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-23788 | Custom More Link Complete <= 1.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-28778 | Pagination by BestWebSoft <= 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-28774 | Review Stream <= 1.6.5 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-28695 | VigilanTor <= 1.3.10 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-28496 | SMTP2GO <= 1.4.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings | 4.4 |
| CVE-2023-28423 | Modern Footnotes <= 1.4.15 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-27439 | New Adman <= 1.6.8 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25451 | CPO Content Types <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25021 | FareHarbor for WordPress <= 3.6.6 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-27452 | Button Generator – easily Button Builder <= 2.3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25491 | JCH Optimize <= 3.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings | 4.4 |
| CVE-2023-26537 | WP No External Links <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-26539 | Advanced Text Widget <= 2.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-26519 | Publish to Schedule <= 4.5.4 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-26517 | Dashboard Widgets Suite <= 3.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-26010 | WPMobile.App — Android and iOS Mobile Application <= 11.18 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25962 | Accordions <= 2.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Several Parameters | 4.4 |
| CVE-2023-23816 | Sitemap Index <= 1.2.3 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-23785 | Exquisite PayPal Donation <= v2.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-23806 | WordPress Custom Settings <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-23809 | Stock market charts from finviz <= 1.0.1 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-23881 | Circles Gallery <= 1.0.10 - Authenticated (Admin+) Stored Cross-Site Scripting via Admin Settings | 4.4 |
| CVE-2023-23875 | Binge Site Verification using Meta Tag <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Admin Settings | 4.4 |
| CVE-2023-23808 | Sponsors Carousel <= 4.02 - Authenticated (Admin+) Stored Cross-Site Scripting in show | 4.4 |
| CVE-2023-22683 | Clio Grow <= 1.0.0 - Authenticated (Admin+) Stored Cross Site Scripting | 4.4 |
| CVE-2023-25794 | Nooz <= 1.6.0 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25795 | Feed Changer <= 0.2 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25789 | Tapfiliate <= 3.0.12 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25792 | WP Open Social <= 5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25784 | Sticky Ad Bar <= 1.3.1 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25782 | Service Area Postcode Checker <= 2.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25786 | Eyes Only: User Access Shortcode <= 1.8.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-23799 | Easy Panorama <= 1.1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25485 | JSON Content Importer <= 1.3.15 - Authenticated (Admin+) Cross Site Scripting | 4.4 |
| CVE-2023-25783 | Peadig's Like & Share Button <= 1.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25781 | Upload File Type Settings Plugin <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25787 | WP资源下载管理 <= 1.3.9 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25796 | WP BaiDu Submit <= 1.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25712 | Google Analytics Opt-Out <= 2.3.4 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25716 | Announce from the Dashboard <= 1.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25484 | Simple Yearly Archive <= 2.1.8 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25064 | WP htpasswd <= 1.7 - Authenticated (Admin+) Stored Cross Site Scripting | 4.4 |
| CVE-2023-25059 | avalex – Automatisch sichere Rechtstexte <= 3.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-24381 | Advanced Social Pixel <= 2.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-24006 | WP Terms Popup <= 2.6.0 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-24001 | Modal Dialog <= 3.5.9 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-23675 | WP Smart Preloader <= 1.15 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-6594 | WordPress Button Plugin MaxButtons <= 9.7.4 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-41736 | Email posts to subscribers <= 6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-0874 | Klaviyo <= 3.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25983 | KB Support <= 1.5.84 - Authenticated (Subscriber+) CSV Injection | 4.4 |
| CVE-2022-47613 | ChatBot <= 4.3.0 - Authenticated (Admin+) Cross-Site Scripting | 4.4 |
| CVE-2023-47655 | ANAC XML Bandi di Gara <= 7.5 - Cross-Site Request Forgery via settings.php | 4.3 |
| CVE-2023-45753 | which template file <= 4.8.0 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-41730 | SendPress Newsletters <= 1.23.11.6 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-34169 | TS Webfonts for さくらのレンタルサーバ <= 3.1.1 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-32125 | Multi Rating <= 5.0.6 - Cross-Site Request Forgery to Arbitrary Ratings Value Change | 4.3 |
| CVE-2023-23704 | Comments Ratings <= 1.1.6 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-28498 | Hotel Booking Lite <= 4.6.0 - Cross-Site Request Forgery to Settings Update | 4.3 |
| CVE-2023-23705 | WordPress Books Gallery <= 4.4.8 - Cross-Site Request Forgery leading to Plugin Settings Changes | 4.3 |
| CVE-2023-23724 | WordPress Email Marketing Plugin – WP Email Capture <= 3.9.3 - Cross Site Request Forgery | 4.3 |
| CVE-2023-25472 | Podlove Podcast Publisher <= 3.8.3 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-24388 | Booking calendar, Appointment Booking System <= 3.2.3 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-24384 | Organization chart <= 1.4.4 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-23983 | Responsive Vertical Icon Menu <= 1.5.8 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-22691 | Category Specific RSS feed Subscription <= 2.1 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-45647 | Constant Contact Forms by MailMunch <= 2.0.10 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-45749 | AGP Font Awesome Collection <= 3.2.4 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-45011 | WP Power Stats <= 2.2.3 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-44259 | Mediavine Control Panel <= 2.10.2 - Cross-Site Request Forgery via render_settings_page | 4.3 |
| CVE-2023-44257 | Mang Board WP <= 1.8.1 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-41850 | Outbound Link Manager <= 1.2 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-41851 | WP Custom Post Template <= 1.0 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-41858 | Order Delivery Date for WP e-Commerce <= 1.2 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-41854 | wpCentral <= 1.5.7 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-41651 | Multi-column Tag Map <= 17.0.26 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-41650 | Remove/hide Author, Date, Category Like Entry-Meta <= 2.1 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-41656 | Better Elementor Addons <= 1.3.8 - Missing Authorization | 4.3 |
| CVE-2023-41654 | authLdap <= 2.5.8 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-27448 | MakeStories (for Google Web Stories) <= 3.0.2 - Cross-Site Request Forgery via 'ms_set_options' | 4.3 |
| CVE-2023-25033 | Social Share Boost <= 4.5 - Cross-Site Request Forgery via 'syntatical_settings_content' | 4.3 |
| CVE-2023-25480 | Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.24.1 - Cross-Site Request Forgery via submitDefaultEditor | 4.3 |
| CVE-2023-34029 | Disable WordPress Update Notifications <= 2.3.3 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-23787 | Premmerce Redirect Manager <= 1.0.10 - Cross-Site Request Forgery via deleteRedirect() | 4.3 |
| CVE-2023-28497 | Slideshow Gallery LITE <= 1.7.6 - Cross-Site Request Forgery via admin_galleries | 4.3 |
| CVE-2023-28497 | Slideshow Gallery LITE <= 1.7.6 - Cross-Site Request Forgery via admin_slides | 4.3 |
| CVE-2023-28173 | Google XML Sitemap for Images <= 2.1.3 - Cross-Site Request Forgery via image_sitemap_generate | 4.3 |
| CVE-2023-28167 | CF7 Invisible reCAPTCHA <= 1.3.3 - Cross-Site Request Forgery via vsz_cf7_invisible_recaptcha_page | 4.3 |
| CVE-2023-27611 | Reusable Blocks Extended <= 0.9 - Cross-Site Request Forgery via reblex_reusable_screen_block_pattern_registration | 4.3 |
| CVE-2023-25449 | cformsII <= 15.0.4 - Cross-Site Request Forgery leading to Settings Updates | 4.3 |
| CVE-2023-25450 | GiveWP <= 2.25.1 - Cross-Site Request Forgery via give_cache_flush | 4.3 |
| CVE-2023-27445 | Blog Floating Button <= 1.4.12 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-27436 | Elegant Custom Fonts <= 1.0 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-27441 | New Adman <= 1.6.8 - Cross-Site Request Forgery via plugin_menu | 4.3 |
| CVE-2023-27434 | Classic Editor and Classic Widgets <= 1.2.5 - Cross-Site Request Forgery via render_settings_page | 4.3 |
| CVE-2023-27458 | WpStream – Live Streaming, Video on Demand, Pay Per View <= 4.4.10 - Cross-Site Request Forgery via wpstream_settings | 4.3 |
| CVE-2023-27457 | Add Expires Headers & Optimized Minify <= 2.7 - Cross-Site Request Forgery via [placeholder] | 4.3 |
| CVE-2023-25470 | Rus-To-Lat <= 0.3 - Cross-Site Request Forgery to Plugins Options Changes | 4.3 |
| CVE-2023-26524 | Quiz And Survey Master <= 8.0.10 - Cross-Site Request Forgery to Quiz Restoration | 4.3 |
| CVE-2023-26518 | WP TFeed <= 1.6.9 - Cross-Site Request Forgery via aptf_delete_cache | 4.3 |
| CVE-2023-26514 | XML Sitemap Generator for Google <= 1.3.3 - Cross-Site Request Forgery to Plugin Settings Changes | 4.3 |
| CVE-2023-26532 | Social Auto Poster <= 2.1.4 - Cross-Site Request Forgery to Plugin Settings Reset | 4.3 |
| CVE-2023-25038 | For the visually impaired <= 0.58 - Cross-Site Request Forgery to Plugin Settings Changes | 4.3 |
| CVE-2023-25973 | Auto Affiliate Links <= 6.3.0.2 - Cross-Site Request Forgery via aalChangeOptions function | 4.3 |
| CVE-2023-25058 | Schema - All In One Schema Rich Snippets <= 1.6.5 - Cross-Site Request Forgery in rich_snippet_dashboard | 4.3 |
| CVE-2023-23984 | Bubble Menu – circle floating menu <= 3.0.1 - Cross Site Request Forgery | 4.3 |
| CVE-2023-23973 | Contact Us Page – Contact People <= 3.7.0 - Cross Site Request Forgery | 4.3 |
| CVE-2023-6492 | Simple Sitemap <= 3.5.13 - Cross-Site Request Forgery via admin_notices | 4.3 |
| CVE-2023-6491 | Strong Testimonials <= 3.1.12 - Authenticated (Contributor+) Improper Authorization to Views Modification | 4.3 |
| CVE-2023-6493 | Depicter Slider – Responsive Image Slider, Video Slider & Post Slider <= 2.0.6 - Cross-Site Request Forgery via save | 4.3 |
| CVE-2023-47557 | Visitors Traffic Real Time Statistics <= 7.2 - Missing Authorization via multiple AJAX actions | 4.3 |
| CVE-2023-46197 | Popup by Supsystic <= 1.10.19 - Missing Authorization to Sensitive Information Exposure | 4.3 |
| CVE-2023-41802 | Super Socializer <= 7.13.54 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-41866 | Automatic YouTube Gallery <= 2.3.3 - Missing Authorization via AJAX actions | 4.3 |
| CVE-2023-41802 | Super Socializer <= 7.13.54 - Missing Authorization | 4.3 |
| CVE-2023-33994 | Slimstat Analytics <= 5.0.5.1 - Missing Authorization via delete_pageview | 4.3 |
| CVE-2023-40678 | Simple URLs <= 117 - Missing Authorization via AJAX actions | 4.3 |
| CVE-2023-35093 | MasterStudy LMS <= 3.0.8 - Missing Authorization to Course Category Creation | 4.3 |
| CVE-2023-33995 | Photo Gallery <= 1.8.15 - Missing Authorization | 4.3 |
| CVE-2023-23671 | Layer Slider <= 1.1.9.7 - Cross-Site Request Forgery via save_slide_ajax | 4.3 |
| CVE-2023-29440 | Simple Job Board <= 2.10.3 - Cross-Site Request Forgery via sjb_save_settings_section | 4.3 |
| CVE-2023-25993 | Top 10 – Popular posts plugin for WordPress <= 3.2.3 - Missing Authorization on tptn_ajax_clearcache | 4.3 |
| CVE-2023-23992 | AutomatorWP <= 2.5.0 - Cross Site Request Forgery | 4.3 |
| CVE-2023-23890 | WP Airbnb Review Slider <= 3.2 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-23978 | WP Client Reports <= 1.0.16 - Missing Authorization to Sensitive Information Exposure | 4.3 |
| CVE-2023-23895 | WP Time Slots Booking Form <= 1.1.82 - Improper Authorization Checks | 4.1 |
| CVE-2023-23814 | CP Multi View Event Calendar <= 1.4.13 - Insufficient Authorization | 3.8 |
| CVE-2023-23971 | WP Time Slots Booking Form <= 1.1.81 - Authenticated (Admin+) Stored Cross Site Scripting | 3.8 |
| CVE-2023-41798 | Directorist <= 7.7.1 - CSV Injection | 3.8 |
| CVE-2021-24614 | Book appointment Online < 1.39 - Authenticated Stored Cross-Site Scripting (XSS) | 3.5 |
| CVE-2021-24622 | WP Ticket < 5.10.4 - Admin+ Stored Cross-Site Scripting | 3.5 |
| CVE-2022-2395 | weForms < 1.6.14 - Admin+ Stored Cross-Site Scripting | 3.4 |
| CVE-2023-41655 | authLdap <= 2.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | 3.3 |
| CVE-2023-35092 | breadcrumb simple <= 1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting | 3.3 |
| CVE-2023-23822 | UTM Tracker <= 1.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | 3.3 |
| CVE-2021-24623 | WordPress Advanced Ticket System < 1.0.64 - Authenticated Stored Cross-Site Scripting (XSS) | 2.7 |
| CVE-2021-24621 | WP Courses LMS < 2.0.44 - Authenticated Stored XSS via Video Embed Code | 2.5 |

