What is a CVE?
CVE (Common Vulnerabilities and Exposures) is a list of known security flaws in software and hardware. Each CVE identifies a specific vulnerability that hackers can exploit, helping businesses address these issues quickly and improve their security.
| CVEs | Description | CVSSv3 Score |
|---|---|---|
| CVE-2023-44227 | Simple File List <= 6.1.9 - Unauthenticated Arbitrary File Deletion | 9.1 |
| CVE-2023-23706 | WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.5.14 - Cross-Site Request Forgery | 8.8 |
| CVE-2023-22714 | Coming Soon by Supsystic <= 1.7.10 - Cross Site Request Forgery | 8.8 |
| CVE-2023-23796 | Form Builder <= 1.9.9.0 - Unauthenticated CSV Injection | 8.3 |
| CVE-2023-22719 | GiveWP <= 2.25.1 - Unauthenticated CSV Injection | 8.3 |
| CVE-2023-6266 | Backup Migration <= 1.3.6 - Unauthenticated Arbitrary Backup Download to Sensitive Information Exposure | 7.5 |
| CVE-2022-2369 | YaySMTP – Simple WP SMTP Mail <= 2.2 - Sensitive Information Disclosure | 7.5 |
| CVE-2023-25714 | Quick Paypal Payments <= 5.7.25 - Missing Authorization | 7.3 |
| CVE-2023-40679 | Master Addons for Elementor <= 2.0.5.3 - Missing Authorization | 7.3 |
| CVE-2023-24379 | Landing Page Builder – Free Landing Page Templates <= 3.1.9.8 - Local File Inclusion via 'lpp_template_select' | 7.2 |
| CVE-2023-27450 | Leyka <= 3.29.2 - Unauthenticated Stored Cross-Site Scripting | 7.2 |
| CVE-2023-25713 | Quick Paypal Payments <= 5.7.25 - Unauthenticated Stored Cross Site Scripting | 7.2 |
| CVE-2023-23979 | Quick Event Manager <= 9.7.4 - Unauthenticated Stored Cross Site Scripting | 7.2 |
| CVE-2023-24403 | bbPress Voting <= 2.1.11.0 - Authenticated (Admin+) Stored Cross-Site Scripting | 7.2 |
| CVE-2023-34179 | Groundhogg <= 2.7.11 - Authenticated (Administrator+) SQL Injection | 7.2 |
| CVE-2023-25020 | Arigato Autoresponder and Newsletter <= 2.7.1 - Unauthenticated Stored Cross-Site Scripting | 7.2 |
| CVE-2022-2565 | Simple Payment Donations <= 4.2.0 - Unauthenticated Stored Cross-Site Scripting | 7.2 |
| CVE-2022-2559 | Fluent Support <= 1.5.7 - Authenticated (Administrator+) SQL Injection | 7.2 |
| CVE-2023-25448 | Archivist – Custom Archive Templates <= 1.7.4 - Cross-Site Request Forgery | 7.1 |
| CVE-2023-24419 | Formidable Form Builder <= 5.5.6 - Cross-Site Request Forgery | 7.1 |
| CVE-2023-23790 | Pods <= 2.9.10.2 - Cross-Site Request Forgery | 7.1 |
| CVE-2023-23821 | Interactive Polish Map <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting | 6.6 |
| CVE-2023-23991 | Booking Calendar <= 9.4.2 - Authenticated (Admin+) SQL Injection | 6.6 |
| CVE-2023-22701 | Ebook Store <= 5.775 - Missing Authorization via ebook_store_export_orders | 6.5 |
| CVE-2023-25454 | Protected Posts Logout Button <= 1.4.5 - Missing Authorization on pplb_options_save | 6.5 |
| CVE-2023-25035 | Quick Contact Form <= 8.0.3.1 - Cross-Site Request Forgery to Sensitive Information Disclosure | 6.5 |
| CVE-2023-45275 | Contact Form builder with drag & drop - Kali Forms <= 2.3.28 - Missing Authorization via get_log | 6.5 |
| CVE-2023-36523 | Email download link <= 3.7 - Unauthenticated Sensitive Information Exposure | 6.5 |
| CVE-2023-23795 | Form Builder <= 1.9.9.0 - Cross-Site Request Forgery | 6.5 |
| CVE-2023-6486 | Spectra – WordPress Gutenberg Blocks <= 2.10.3 - Authenticated(Contributor+) Cross-Site Scripting via Custom CSS | 6.4 |
| CVE-2023-7225 | MapPress <= 2.88.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Map Settings | 6.4 |
| CVE-2023-6884 | Plugin for Google Reviews <= 3.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode | 6.4 |
| CVE-2023-6524 | MapPress Maps for WordPress <= 2.88.13 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 |
| CVE-2023-47654 | BZScore – Live Score <= 1.03 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode | 6.4 |
| CVE-2023-45049 | YouTube Playlist Player <= 4.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 |
| CVE-2023-41728 | Rescue Shortcodes <= 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 |
| CVE-2023-40605 | Typing Effect <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode | 6.4 |
| CVE-2023-37994 | Art Decoration Shortcode <= 1.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | 6.4 |
| CVE-2023-35094 | WP Matterport Shortcode <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | 6.4 |
| CVE-2023-23699 | Progress Bar <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via wppb shortcode | 6.4 |
| CVE-2023-23862 | Vertical scroll recent post <= 14.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes | 6.4 |
| CVE-2023-23894 | Surbma \| GDPR Proof Cookie Consent & Notice Bar <= 17.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 |
| CVE-2023-27631 | Daily Prayer Time <= 2023.03.20 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 |
| CVE-2023-25982 | Simple YouTube Responsive <= 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | 6.4 |
| CVE-2023-23889 | Quick Paypal Payments <= 5.7.25 - Authenticated (Contributor+) Cross Site Scripting | 6.4 |
| CVE-2023-25798 | Olevmedia Shortcodes <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 |
| CVE-2023-23885 | Quick Contact Form <= 8.0.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 |
| CVE-2023-23866 | Interactive Geo Maps <= 1.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | 6.4 |
| CVE-2023-23728 | WP Flipclock <= 1.7.4 - Authenticated (Contributor+) Stored Cross Site Scripting | 6.4 |
| CVE-2023-44264 | The Awesome Feed – Custom Feed <= 2.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | 6.4 |
| CVE-2023-41797 | Locations <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 |
| CVE-2023-39988 | WxSync <= 2.7.24 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 |
| CVE-2023-38516 | Audio Player with Playlist Ultimate <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 |
| CVE-2023-23678 | WP Cookie Notice for GDPR, CCPA & ePrivacy Consent <= 2.2.5 - Authenticated(Administrator+) CSV Injection | 6.4 |
| CVE-2023-0424 | MS-Reviews <= 1.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting | 6.4 |
| CVE-2023-23647 | Team Member <= 4.4 - Authenticated (Editor+) Stored Cross-Site Scripting via new_style_name | 6.4 |
| CVE-2024-6391 | oik <= 4.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via bw_button Shortcode | 6.4 |
| CVE-2023-6692 | Ultimate Blocks – WordPress Blocks Plugin <= 3.0.8 - Authenticated(Contributor+) Stored Cross-Site Scripting via metabox | 6.4 |
| CVE-2023-6382 | Master Slider - Responsive Touch Slider <= 3.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 |
| CVE-2023-6500 | Shariff Wrapper <= 4.6.9 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode | 6.4 |
| CVE-2023-6645 | Post Grid Combo – 36+ Gutenberg Blocks <= 2.2.64 - Authenticated (Contributor+) Cross-Site Scripting | 6.4 |
| CVE-2023-49168 | BP Better Messages <= 2.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode | 6.4 |
| CVE-2023-48770 | Aparat <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 |
| CVE-2023-45640 | WP ULike <= 4.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode | 6.4 |
| CVE-2023-40669 | Collapse-O-Matic <= 1.8.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 |
| CVE-2023-40674 | Simple URLs <= 118 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 |
| CVE-2023-23798 | Layer Slider <= 1.1.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 |
| CVE-2023-36503 | MaxButtons <= 9.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | 6.4 |
| CVE-2023-35882 | Super Socializer <= 7.13.52 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | 6.4 |
| CVE-2023-35090 | MasterStudy LMS <= 3.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 |
| CVE-2023-27612 | Site Reviews <= 6.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode | 6.4 |
| CVE-2023-27620 | Robo Gallery <= 3.2.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes | 6.4 |
| CVE-2023-23668 | GiveWP <= 2.25.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via give_form_grid shortcode | 6.4 |
| CVE-2023-26013 | Strong Testimonials <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes | 6.4 |
| CVE-2023-23876 | wpDataTables <= 2.1.49 - Authenticated (Contributor+) Stored Cross Site Scripting | 6.4 |
| CVE-2023-23708 | Visualizer <= 3.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes | 6.4 |
| CVE-2023-23874 | Ditty <= 3.0.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | 6.4 |
| CVE-2023-25024 | Icegram Collect <= 1.3.8 - Authenticated(Contributor+) Cross-Site Scripting via Shortcode | 6.4 |
| CVE-2023-25061 | Arigato Autoresponder and Newsletter <= 2.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 |
| CVE-2023-23891 | Ocean Extra <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | 6.4 |
| CVE-2023-24411 | BNE Testimonials <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 |
| CVE-2023-23898 | Blocksy Companion <= 1.8.67 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 |
| CVE-2023-24374 | Material Design Icons for Page Builders <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | 6.4 |
| CVE-2023-24378 | Glossary <= 2.1.27 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 |
| CVE-2023-24003 | WP Popups <= 2.1.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 |
| CVE-2023-23977 | WordPress Social Comments Plugin for Vkontakte Comments and Disqus Comments <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | 6.4 |
| CVE-2023-22712 | TemplatesNext ToolKit <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | 6.4 |
| CVE-2022-2371 | YaySMTP – Simple WP SMTP Mail <= 2.2 - Stored Cross-Site Scripting | 6.4 |
| CVE-2023-23975 | Quick Event Manager <= 9.7.4 - Missing Authorization Checks | 6.3 |
| CVE-2023-23974 | Quick Event Manager <= 9.7.4 - Cross-Site Request Forgery | 6.3 |
| CVE-2023-39997 | Popup by Supsystic <= 1.10.19 - Cross-Site Request Forgery | 6.3 |
| CVE-2023-33996 | Spam protection, AntiSpam, FireWall by CleanTalk <= 6.10 - Missing Authorization | 6.3 |
| CVE-2023-25043 | Data Tables Generator by Supsystic <= 1.10.25 - Missing Authorization | 6.3 |
| CVE-2023-41653 | Sermon'e – Sermons Online <= 1.0.0 - Reflected Cross-Site Scripting | 6.1 |
| CVE-2023-37892 | Shortcode IMDB <= 6.0.8 - Cross-Site Request Forgery | 6.1 |
| CVE-2023-34017 | Five Star Restaurant Reservations <= 2.6.7 - Reflected Cross-Site Scripting | 6.1 |
| CVE-2023-33326 | EventPrime <= 2.8.6 - Reflected Cross-Site Scripting | 6.1 |
| CVE-2023-2710 | video carousel slider with lightbox <= 1.0.22 - Reflected Cross-Site Scripting | 6.1 |
| CVE-2023-2708 | Video Gallery <= 1.0.10 - Reflected Cross-Site Scripting | 6.1 |
| CVE-2023-24413 | wordpress vertical image slider plugin <= 1.2.16 - Reflected Cross-Site Scripting | 6.1 |
| CVE-2023-24409 | WP Responsive Tabs horizontal vertical and accordion Tabs <= 1.1.15 - Reflected Cross-Site Scripting | 6.1 |
| CVE-2023-30785 | Video Grid <= 1.21 - Reflected Cross-Site Scripting | 6.1 |
| CVE-2023-24392 | Full Width Banner Slider Wp <= 1.1.7 - Reflected Cross-Site Scripting via search_term | 6.1 |
| CVE-2023-28776 | Continuous Image Carousel With Lightbox <= 1.0.15 - Reflected Cross-Site Scripting via search_term, order_by and order_pos | 6.1 |
| CVE-2023-25464 | Twitch Player <= 2.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting | 6.1 |
| CVE-2023-41867 | AcyMailing SMTP Newsletter <= 8.6.2 - Reflected Cross-Site Scripting | 6.1 |
| CVE-2023-40667 | Simple URLs <= 117 - Reflected Cross-Site Scripting via 'post_id' | 6.1 |
| CVE-2023-49180 | Automatic Youtube Video Posts Plugin <= 5.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings | 5.5 |
| CVE-2023-47656 | ANAC XML Bandi di Gara <= 7.5 - Authenticated (Editor+) Stored Cross-Site Scripting | 5.5 |
| CVE-2023-24393 | Animated Number Counters <= 1.6 - Authenticated (Editor+) Stored Cross-Site Scripting | 5.5 |
| CVE-2023-23786 | affiliate-toolkit – WordPress Affiliate Plugin <= 3.3.3 - Authenticated (Editor+) Stored Cross-Site Scripting | 5.5 |
| CVE-2023-25710 | Click to Call or Chat Buttons <= 1.4.0 - Authenticated(Admin+) Stored Cross-Site Scripting | 5.5 |
| CVE-2023-25490 | Archivist – Custom Archive Templates <= 1.7.4 - Authenticated(Admin+) Stored Cross-Site Scripting | 5.5 |
| CVE-2023-25702 | Quick Paypal Payments <= 5.7.25 - Authenticated (Administrator+) Stored Cross-Site Scripting | 5.5 |
| CVE-2023-25027 | Chained Quiz <= 1.3.2.5 - Authenticated (Admin+) Stored Cross-Site Scripting | 5.5 |
| CVE-2022-47438 | Booking calendar, Appointment Booking System <= 3.2.3 - Authenticated (Editor+) Stored Cross-Site Scripting | 5.5 |
| CVE-2023-23994 | Auto Hide Admin Bar <= 1.6.1 - Authenticated (Admin+) Stored Cross-Site Scripting | 5.5 |
| CVE-2023-23980 | MailOptin <= 1.2.54.0 - Authenticated (Admin+) Cross Site Scripting | 5.5 |
| CVE-2023-23972 | Social Like Box and Page by WpDevArt <= 0.8.39 - Authenticated (Admin+) Stored Cross Site Scripting | 5.5 |
| CVE-2023-23998 | VikRentCar Car Rental Management System <= 1.3.0 - Authenticated (Admin+) Cross Site Scripting | 5.5 |
| CVE-2023-23718 | Page Loading Effects <= 2.0.0 - Authenticated (Admin+) Stored Cross Site Scripting | 5.5 |
| CVE-2023-23722 | WP eBay Product Feeds <= 3.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | 5.5 |
| CVE-2022-3074 | Slider Hero <= 8.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting | 5.5 |
| CVE-2023-45767 | Simple Tweet <= 1.4.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings | 5.5 |
| CVE-2023-45747 | WP Lightbox 2 <= 3.0.6.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings | 5.5 |
| CVE-2023-40552 | Fitness calculators plugin <= 2.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings | 5.5 |
| CVE-2023-25442 | Zeno Font Resizer <= 1.7.9 - Authenticated (Administrator+) Stored Cross-Site Scripting | 5.5 |
| CVE-2023-25705 | WP Prayer <= 1.9.6 - Authenticated(Admin+) Stored Cross-Site Scripting | 5.5 |
| CVE-2023-23995 | TinyMCE Custom Styles <= 1.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | 5.5 |
| CVE-2023-23996 | ProfilePress <= 4.5.3 - Authenticated (Administrator+) Stored Cross-Site Scripting | 5.5 |
| CVE-2023-23982 | WPFrom Email <= 1.8.8 - Authenticated (Administrator+) Stored Cross-Site Scripting | 5.5 |
| CVE-2023-23987 | User Registration <= 2.3.0 - Authenticated (Administrator+) Stored Cross Site Scripting | 5.5 |
| CVE-2023-23981 | Conversational Forms for ChatBot <= 1.1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting | 5.5 |
| CVE-2023-23870 | Responsive Vertical Icon Menu <= 1.5.8 - Authenticated (Administrator+) Stored Cross-Site Scripting | 5.5 |
| CVE-2023-22716 | OOPSpam Anti-Spam <= 1.1.35 - Authenticated (Admin+) Stored Cross-Site Scripting | 5.5 |
| CVE-2023-22715 | WP-CommentNavi <= 1.12.1 - Authenticated (Admin+) Stored Cross-Site Scripting | 5.5 |
| CVE-2023-25031 | Arigato Autoresponder and Newsletter <= 2.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting | 5.5 |
| CVE-2023-23878 | WP MAPS <= 4.3.9 - Authenticated (Editor+) Stored Cross-Site Scripting | 5.5 |
| CVE-2022-2398 | WordPress Comments Fields <= 4.0 - Authenticated (Admin+) Stored Cross-Site Scripting | 5.5 |
| CVE-2023-45047 | LeadSquared Suite <= 0.7.4 - Cross-Site Request Forgery | 5.4 |
| CVE-2023-45048 | Social proof testimonials and reviews by Repuso <= 5.01 - Cross-Site Request Forgery | 5.4 |
| CVE-2023-25463 | wp tell a friend popup form <= 7.1 - Cross-Site Request Forgery via 'TellAFriend_admin' | 5.4 |
| CVE-2023-24417 | Worthy – VG WORT Integration für WordPress <= 1.6.5-6497609 - Cross-Site Request Forgery | 5.4 |
| CVE-2023-27632 | Daily Prayer Time <= 2023.03.08 - Cross-Site Request Forgery | 5.4 |
| CVE-2023-27442 | Leyka <= 3.29.2 - Cross-Site Request Forgery | 5.4 |
| CVE-2023-25481 | Podlove Subscribe button <= 1.3.7 - Cross-Site Request Forgery via save function | 5.4 |
| CVE-2023-25481 | Podlove Subscribe button <= 1.3.7 - Cross-Site Request Forgery via process_form function | 5.4 |
| CVE-2023-23864 | Very Simple Google Maps <= 2.8.4 - Authenticated (Contributor+) Stored Cross Site Scripting | 5.4 |
| CVE-2023-44997 | WP Forms Puzzle Captcha <= 4.1 - Cross-Site Request Forgery | 5.4 |
| CVE-2023-44996 | Post View Count <= 2.0 - Cross-Site Request Forgery | 5.4 |
| CVE-2023-41659 | Responsive Gallery Grid <= 2.3.13 - Cross-Site Request Forgery | 5.4 |
| CVE-2023-30478 | Newsletters <= 4.8.8 - Cross-Site Request Forgery | 5.4 |
| CVE-2023-25968 | Client Portal – Private user pages and login <= 1.1.8 - Cross-Site Request Forgery via cp_create_private_pages_for_all_users function | 5.4 |
| CVE-2023-25975 | Etsy Shop <= 3.0.3 - Cross-Site Request Forgery to Plugin Settings Update | 5.4 |
| CVE-2023-25056 | Feed Them Social <= 3.0.2 - Cross-Site Request Forgery | 5.4 |
| CVE-2023-25994 | Publish to Schedule <= 4.4.2 - Cross-Site Request Forgery leading to Plugin Option Changes | 5.4 |
| CVE-2023-25698 | Shoppable Images <= 1.2.3 - Cross Site Request Forgery | 5.4 |
| CVE-2024-6392 | Image Optimizer, Resizer and CDN – Sirv <= 7.2.7 - Authenticated(Subscriber+) Missing Authorization to Plugin Settings Update | 5.4 |
| CVE-2023-6326 | Master Slider - Responsive Touch Slider <= 3.9.10 - Cross-Site Request Forgery via process_bulk_action | 5.4 |
| CVE-2023-40011 | Cost Calculator Builder <= 3.1.42 - Improper Authorization | 5.4 |
| CVE-2023-38513 | Photo Engine <= 6.2.5 - Authenticated (Author+) Insecure Direct Object Reference in ajax_generate_auth_token | 5.4 |
| CVE-2023-37890 | KB Support <= 1.5.88 - Missing Authorization to Sensitive Data Exposure | 5.4 |
| CVE-2023-34178 | Groundhogg <= 2.7.11 - Cross-Site Request Forgery | 5.4 |
| CVE-2023-29437 | Connections Business Directory <= 10.4.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | 5.4 |
| CVE-2023-25966 | Filebird <= 5.1.4 - Missing Authorization via resAdminPermissionsCheck | 5.4 |
| CVE-2023-25469 | Easy Table of Contents <= 2.0.45.2 - Missing Authorization via eztoc_reset_options_to_default | 5.4 |
| CVE-2023-27625 | Site Reviews <= 6.5.1 - Missing Authorization | 5.4 |
| CVE-2023-23672 | GiveWP <= 2.25.1 - Authenticated (Contributor+) Arbitrary Content Deletion | 5.4 |
| CVE-2023-25991 | RegistrationMagic <= 5.1.9.2 - Cross-Site Request Forgery leading to Form Metadata Deletion | 5.4 |
| CVE-2023-24415 | ChatBot <= 4.2.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting and Settings Reset | 5.4 |
| CVE-2023-41796 | Sunshine Photo Cart <= 2.9.25 - Insecure Direct Object Reference to Order Manipulation | 5.3 |
| CVE-2023-38520 | Pinpoint Booking System <= 2.9.9.3.4 - Content Spoofing | 5.3 |
| CVE-2023-33321 | EventPrime <= 2.8.6 - Sensitive Information Exposure | 5.3 |
| CVE-2023-32127 | Multi Rating <= 5.0.6 - Missing Authorization to Arbitrary Ratings Value Change | 5.3 |
| CVE-2023-25057 | Libsyn Publisher Hub <= 1.3.2 - Sensitive Information Exposure | 5.3 |
| CVE-2023-27437 | Event Espresso 4 Decaf <= 4.10.44.decaf - Feature Bypass | 5.3 |
| CVE-2023-25785 | WP Post Rating <= 2.4.6 - Missing Authorization to Vote Manipulation | 5.3 |
| CVE-2023-24373 | Booking calendar, Appointment Booking System <= 3.2.3 - Unauthenticated Bypass Vulnerability | 5.3 |
| CVE-2023-23985 | Quiz Maker <= 6.3.9.4 - Content Spoofing | 5.3 |
| CVE-2023-23988 | My Tickets <= 1.9.11 - Authorization Bypass | 5.3 |
| CVE-2023-23989 | RegistrationMagic <= 5.1.9.2 - Missing Authorization to Unauthenticated Content Injection | 5.3 |
| CVE-2023-23976 | RegistrationMagic <= 5.1.9.2 - Improper Authorization to Price Change | 5.3 |
| CVE-2023-44258 | Schema App Structured Data <= 1.22.3 - Missing Authorization via page_init | 5.3 |
| CVE-2023-25457 | Slider Carousel – Responsive Image Slider <= 1.5.0 - Missing Authorization | 5.3 |
| CVE-2023-25443 | Button Generator – easily Button Builder <= 2.3.5 - Cross-Site Request Forgery in tools-data-base.php | 5.3 |
| CVE-2023-25048 | Fantastic Content Protector Free <= 2.6 - Missing Authorization via update_setting_fantastic_content_protector | 5.3 |
| CVE-2023-26520 | Advanced Text Widget <= 2.1.2 - Missing Authorization via atw_dismiss_admin_notice | 5.3 |
| CVE-2023-6496 | Manage Notification E-mails <= 1.8.5 - Missing Authorization | 5.3 |
| CVE-2023-41735 | Email posts to subscribers <= 6.2 - Missing Authorization to Sensitive Information Exposure | 5.3 |
| CVE-2023-29429 | User Registration <= 2.3.2.1 - Missing Authorization via send_test_email | 5.3 |
| CVE-2023-25455 | WordPress Social Login and Register <= 7.6.0 - Missing Authorization to Unauthenticated Arbitrary Content Deletion | 5.3 |
| CVE-2022-2350 | Disable User Login <= 1.0.1 - Missing Authorization to Unauthenticated Settings Update | 5.3 |
| CVE-2023-33310 | Unite Gallery Lite <= 1.7.59 - Authenticated(Administrator+) Local File Inclusion via 'view' parameter | 5 |
| CVE-2023-6624 | Import and export users and customers <= 1.24.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode | 4.9 |
| CVE-2024-37389 | Apache NiFi 1.10.0 through 1.26.0 and 2.0.0-M1 through 2.0.0-M3 support a description field in the Parameter Context configuration that is vulnerable to cross-site scripting. An authenticated user, authorized to configure a Parameter Context, can enter arbitrary JavaScript code, which the client browser will execute within the session context of the authenticated user. Upgrading to Apache NiFi 1.27.0 or 2.0.0-M4 is the recommended mitigation. | 4.6 |
| CVE-2023-6495 | YARPP – Yet Another Related Posts Plugin <= 5.30.9 - Authenticated(Administrator+) Cross-Site Scripting | 4.4 |
| CVE-2023-6487 | LuckyWP Table of Contents <= 2.1.5 - Authenticated (Administrator+) Cross-Site Scripting | 4.4 |
| CVE-2024-0598 | Gutenberg Blocks by Kadence Blocks <= 3.2.17 - Authenticated(Editor+) Stored Cross-Site Scripting via Contact Form Message Settings | 4.4 |
| CVE-2023-4839 | WP Go Maps <= 9.0.32 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2024-0611 | Master Slider – Responsive Touch Slider <= 3.9.9 - Authenticated(Editor+) Stored Cross-Site Scripting via slider callback | 4.4 |
| CVE-2024-0614 | Events Manager <= 6.4.6.4 - Authenticated(Administrator+) Stored Cross-Site Scripting via settings | 4.4 |
| CVE-2024-0602 | Yet Another Related Posts Plugin (YARPP) <= 5.30.9 - Authenticated(Administrator+) Stored Cross-Site Scripting via settings | 4.4 |
| CVE-2024-0621 | Simple Share Buttons Adder <= 8.4.11 - Authenticated(Administrator+) Stored Cross-Site Scripting via CSS Settings | 4.4 |
| CVE-2024-0604 | Best WordPress Gallery Plugin – FooGallery <= 2.4.7 - Authenticated(Administrator+) Stored Cross-Site Scripting via settings | 4.4 |
| CVE-2024-0597 | SEO Plugin by Squirrly SEO <= 12.3.15 - Authenticated(Administrator+) Stored Cross-Site Scripting via plugin settings | 4.4 |
| CVE-2024-0612 | Content Views <= 3.6.2 - Authenticated(Administrator+) Stored Cross-Site Scripting via settings | 4.4 |
| CVE-2024-0618 | Fluent Forms <= 5.1.5 - Authenticated(Administrator+) Stored Cross-Site Scripting via imported form title | 4.4 |
| CVE-2023-34018 | SoundCloud Shortcode <= 3.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-47511 | Pinyin Slugs <= 2.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-47228 | Layer Slider <= 1.1.9.7 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-47226 | Post Sliders & Post Grids <= 1.0.20 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-23702 | Comments Ratings <= 1.1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-47227 | Social Feed \| All social media in one place <= 1.5.4.6 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-45755 | BuddyPress Global Search <= 1.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-45051 | Image vertical reel scroll slideshow <= 9.0 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-44987 | Timely Booking Button <= 2.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-44228 | Onclick Show Popup <= 8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-44230 | Popup contact form <= 7.1 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-44229 | Tiny Carousel Horizontal Slider <= 8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-41729 | SendPress Newsletters <= 1.23.11.6 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-40677 | Vertical Marquee Plugin <= 7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25465 | wp tell a friend popup form <= 7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-38387 | Elastic Email Sender <= 1.2.6 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-24412 | Image Social Feed Plugin <= 1.7.6 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-36688 | Simple Site Verify <= 1.0.7 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-24391 | ApplyOnline – Application Form Builder and Manager <= 2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-35779 | Seed Fonts 2.3.1 - Authenticated(Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-35095 | Flo Forms <= 1.0.40 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-34173 | Yandex Metrica Counter <= 1.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-34172 | WordPress Social Login <= 3.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-34183 | Unite Gallery Lite <= 1.7.61 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-34006 | Telegram Bot & Channel <= 3.6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-24394 | iframe popup <= 3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings | 4.4 |
| CVE-2023-23871 | Button <= 1.1.22 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-32130 | Multi Rating <= 5.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings | 4.4 |
| CVE-2023-32120 | Hostel <= 1.1.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Manage Bookings | 4.4 |
| CVE-2023-23727 | Formilla Live Chat <= 1.3.0 - Authenticated (Administrator+) Cross-Site Scripting via 'FormillaID' | 4.4 |
| CVE-2023-23720 | Verified Reviews (Avis Vérifiés) <= 2.3.14 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-22684 | Subscribers – Free Web Push Notifications <= 1.5.3 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-22685 | Category Specific RSS feed Subscription <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings | 4.4 |
| CVE-2023-22690 | Ebook Store < 5.78 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-30749 | Optima Express + MarketBoost IDX Plugin <= 7.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-24406 | Simple Popup Images <= 1.8.6 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-24418 | Tiny carousel horizontal slider plus <= 3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-24389 | Social Proof (Testimonial) Slider <= 2.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-23732 | Disqus Conditional Load <= 11.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings. | 4.4 |
| CVE-2023-23733 | Lazy Social Comments <= 2.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Options | 4.4 |
| CVE-2023-23734 | Userlike <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-23884 | Kanban Boards for WordPress <= 2.5.21 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-23863 | TreePress – Easy Family Trees & Ancestor Profiles <= 2.0.22 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'post_title' parameter | 4.4 |
| CVE-2023-23883 | WP Content Filter – Censor All Offensive Content From Your Site <= 3.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25052 | Yandex.News Feed by Teplitsa <= 1.12.5 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-26515 | Simple Slug Translate <= 2.7.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-26017 | Jobs for WordPress <= 2.5.10.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25979 | Video Gallery – YouTube Gallery <= 1.7.6 - Authenticated (Admin+) Stored Cross Site Scripting | 4.4 |
| CVE-2023-25978 | Protected Posts Logout Button <= 1.4.5 - Authenticated (Admin+) Cross-Site Scripting | 4.4 |
| CVE-2023-23710 | WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.5.14 - Authenticated (Contributor+) Stored Cross-Site Scripting | 4.4 |
| CVE-2022-47608 | Quick Contact Form <= 8.0.3.1 - Authenticated (Admin+) Stored Cross Site Scripting | 4.4 |
| CVE-2023-24005 | Inline Tweet Sharer <= 2.5.3 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25479 | Podlove Subscribe button <= 1.3.7 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25022 | Watu Quiz <= 3.3.8 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25023 | WebinarIgnition <= 2.14.2 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25046 | Podlove Podcast Publisher <= 3.8.2 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25062 | Pinpoint Booking System <= 2.9.9.2.8 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-23723 | WP Email Capture <= 3.9.3 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-24387 | Organization chart <= 1.4.4 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-24396 | VikBooking Hotel Booking Engine & PMS <= 1.5.11 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-24383 | Namaste! LMS <= 2.5.9.1 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-24002 | YouTube Embed <= 2.6.3 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-24004 | Image and Video Lightbox, Image Popup <= 2.1.5 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-46642 | SAHU TikTok Pixel for E-Commerce <= 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-46210 | WC Captcha <= 1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-46200 | Smart App Banner <= 1.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-46199 | Triberr <= 4.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-45833 | LeadSquared Suite <= 0.7.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings | 4.4 |
| CVE-2023-45764 | Scroll post excerpt <= 8.0 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-45768 | Next Page <= 1.5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings | 4.4 |
| CVE-2023-45754 | Easy Testimonial Slider and Form <= 1.0.18 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings | 4.4 |
| CVE-2023-45010 | Complete Open Graph <= 3.4.5 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-45057 | Hitsteps Web Analytics <= 5.86 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-45056 | Open User Map \| Everybody can add locations <= 1.3.26 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-44263 | Social Metrics <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-44265 | Popup contact form <= 7.1 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-44262 | Blocks <= 1.6.42 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-41731 | wordpress publish post email notification <= 1.0.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-41733 | Back To The Top Button <= 2.1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-41734 | Insert Estimated Reading Time <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-41737 | Swifty Bar, sticky bar by WPGens <= 1.2.10 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-41859 | Order Delivery Date for WP e-Commerce <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-41800 | UniConsent Cookie Consent CMP for GDPR / CCPA <= 1.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-41242 | Snap Pixel <= 1.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25483 | Easy Coming Soon <= 2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings | 4.4 |
| CVE-2023-40675 | Landing Page Builder <= 1.5.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-40676 | Slimstat Analytics <= 5.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings | 4.4 |
| CVE-2023-40560 | Schedule Posts Calendar <= 5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings | 4.4 |
| CVE-2023-39987 | wSecure Lite <= 2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings | 4.4 |
| CVE-2023-38482 | Post Affiliate Pro <= 1.24.9 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-38476 | Client Portal : SuiteDash Direct Login <= 1.7.3 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-38521 | Exifography <= 1.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-38518 | Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.4.8 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-38517 | WRC Pricing Tables <= 2.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-37993 | wpShopGermany IT-RECHT KANZLEI <= 1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-37980 | Custom Field For WP Job Manager <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25044 | Social Share Boost <= 4.4 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25042 | oAuth Twitter Feed for Developers <= 2.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-23811 | Smoothscroller <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-23807 | MojoPlug Slide Panel <= 1.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-34187 | Call Now Icon Animate <= 0.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-33929 | Easy Admin Menu <= 1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-33328 | MailChimp Subscribe Forms <= 4.0.9.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25462 | WP htaccess Control <= 3.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-23819 | itemprop WP for SERP/SEO Rich snippets <= 3.5.201706131 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-23818 | WP Register Profile With Shortcode <= 3.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-32577 | DevBuddy Twitter Feed <= 4.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings | 4.4 |
| CVE-2023-32505 | Easy Hide Login <= 1.0.7 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-23654 | SparkPost <= 3.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings | 4.4 |
| CVE-2023-23674 | WP Original Media Path <= 2.4.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings | 4.4 |
| CVE-2023-23682 | EZP Maintenance Mode <= 1.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings | 4.4 |
| CVE-2023-23683 | White Label Branding for Elementor Page Builder <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings | 4.4 |
| CVE-2023-23673 | I Recommend This <= 3.8.3 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-23794 | Semalt Blocker <= 1.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-23810 | Panorama – WordPress Project Management Plugin <= 1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-29434 | Optin Forms <= 1.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-29438 | SimpleModal Contact Form (SMCF) <= 1.2.9 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-23812 | Enhanced WP Contact Form <= 2.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-23789 | Premmerce Redirect Manager <= 1.0.9 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-23788 | Custom More Link Complete <= 1.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-28778 | Pagination by BestWebSoft <= 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-28774 | Review Stream <= 1.6.5 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-28695 | VigilanTor <= 1.3.10 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-28496 | SMTP2GO <= 1.4.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings | 4.4 |
| CVE-2023-28423 | Modern Footnotes <= 1.4.15 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-27439 | New Adman <= 1.6.8 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25451 | CPO Content Types <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25021 | FareHarbor for WordPress <= 3.6.6 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-27452 | Button Generator – easily Button Builder <= 2.3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25491 | JCH Optimize <= 3.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings | 4.4 |
| CVE-2023-26537 | WP No External Links <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-26539 | Advanced Text Widget <= 2.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-26519 | Publish to Schedule <= 4.5.4 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-26517 | Dashboard Widgets Suite <= 3.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-26010 | WPMobile.App — Android and iOS Mobile Application <= 11.18 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25962 | Accordions <= 2.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Several Parameters | 4.4 |
| CVE-2023-23816 | Sitemap Index <= 1.2.3 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-23785 | Exquisite PayPal Donation <= v2.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-23806 | WordPress Custom Settings <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-23809 | Stock market charts from finviz <= 1.0.1 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-23881 | Circles Gallery <= 1.0.10 - Authenticated (Admin+) Stored Cross-Site Scripting via Admin Settings | 4.4 |
| CVE-2023-23875 | Binge Site Verification using Meta Tag <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Admin Settings | 4.4 |
| CVE-2023-23808 | Sponsors Carousel <= 4.02 - Authenticated (Admin+) Stored Cross-Site Scripting in show | 4.4 |
| CVE-2023-22683 | Clio Grow <= 1.0.0 - Authenticated (Admin+) Stored Cross Site Scripting | 4.4 |
| CVE-2023-25794 | Nooz <= 1.6.0 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25795 | Feed Changer <= 0.2 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25789 | Tapfiliate <= 3.0.12 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25792 | WP Open Social <= 5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25784 | Sticky Ad Bar <= 1.3.1 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25782 | Service Area Postcode Checker <= 2.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25786 | Eyes Only: User Access Shortcode <= 1.8.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-23799 | Easy Panorama <= 1.1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25485 | JSON Content Importer <= 1.3.15 - Authenticated (Admin+) Cross Site Scripting | 4.4 |
| CVE-2023-25783 | Peadig's Like & Share Button <= 1.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25781 | Upload File Type Settings Plugin <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25787 | WP资源下载管理 <= 1.3.9 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25796 | WP BaiDu Submit <= 1.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25712 | Google Analytics Opt-Out <= 2.3.4 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25716 | Announce from the Dashboard <= 1.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25484 | Simple Yearly Archive <= 2.1.8 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25064 | WP htpasswd <= 1.7 - Authenticated (Admin+) Stored Cross Site Scripting | 4.4 |
| CVE-2023-25059 | avalex – Automatisch sichere Rechtstexte <= 3.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-24381 | Advanced Social Pixel <= 2.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-24006 | WP Terms Popup <= 2.6.0 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-24001 | Modal Dialog <= 3.5.9 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-23675 | WP Smart Preloader <= 1.15 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-6594 | WordPress Button Plugin MaxButtons <= 9.7.4 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-41736 | Email posts to subscribers <= 6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-0874 | Klaviyo <= 3.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting | 4.4 |
| CVE-2023-25983 | KB Support <= 1.5.84 - Authenticated (Subscriber+) CSV Injection | 4.4 |
| CVE-2022-47613 | ChatBot <= 4.3.0 - Authenticated (Admin+) Cross-Site Scripting | 4.4 |
| CVE-2023-47655 | ANAC XML Bandi di Gara <= 7.5 - Cross-Site Request Forgery via settings.php | 4.3 |
| CVE-2023-45753 | which template file <= 4.8.0 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-41730 | SendPress Newsletters <= 1.23.11.6 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-34169 | TS Webfonts for さくらのレンタルサーバ <= 3.1.1 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-32125 | Multi Rating <= 5.0.6 - Cross-Site Request Forgery to Arbitrary Ratings Value Change | 4.3 |
| CVE-2023-23704 | Comments Ratings <= 1.1.6 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-28498 | Hotel Booking Lite <= 4.6.0 - Cross-Site Request Forgery to Settings Update | 4.3 |
| CVE-2023-23705 | WordPress Books Gallery <= 4.4.8 - Cross-Site Request Forgery leading to Plugin Settings Changes | 4.3 |
| CVE-2023-23724 | WordPress Email Marketing Plugin – WP Email Capture <= 3.9.3 - Cross Site Request Forgery | 4.3 |
| CVE-2023-25472 | Podlove Podcast Publisher <= 3.8.3 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-24388 | Booking calendar, Appointment Booking System <= 3.2.3 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-24384 | Organization chart <= 1.4.4 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-23983 | Responsive Vertical Icon Menu <= 1.5.8 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-22691 | Category Specific RSS feed Subscription <= 2.1 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-45647 | Constant Contact Forms by MailMunch <= 2.0.10 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-45749 | AGP Font Awesome Collection <= 3.2.4 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-45011 | WP Power Stats <= 2.2.3 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-44259 | Mediavine Control Panel <= 2.10.2 - Cross-Site Request Forgery via render_settings_page | 4.3 |
| CVE-2023-44257 | Mang Board WP <= 1.8.1 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-41850 | Outbound Link Manager <= 1.2 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-41851 | WP Custom Post Template <= 1.0 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-41858 | Order Delivery Date for WP e-Commerce <= 1.2 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-41854 | wpCentral <= 1.5.7 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-41651 | Multi-column Tag Map <= 17.0.26 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-41650 | Remove/hide Author, Date, Category Like Entry-Meta <= 2.1 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-41656 | Better Elementor Addons <= 1.3.8 - Missing Authorization | 4.3 |
| CVE-2023-41654 | authLdap <= 2.5.8 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-27448 | MakeStories (for Google Web Stories) <= 3.0.2 - Cross-Site Request Forgery via 'ms_set_options' | 4.3 |
| CVE-2023-25033 | Social Share Boost <= 4.5 - Cross-Site Request Forgery via 'syntatical_settings_content' | 4.3 |
| CVE-2023-25480 | Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.24.1 - Cross-Site Request Forgery via submitDefaultEditor | 4.3 |
| CVE-2023-34029 | Disable WordPress Update Notifications <= 2.3.3 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-23787 | Premmerce Redirect Manager <= 1.0.10 - Cross-Site Request Forgery via deleteRedirect() | 4.3 |
| CVE-2023-28497 | Slideshow Gallery LITE <= 1.7.6 - Cross-Site Request Forgery via admin_galleries | 4.3 |
| CVE-2023-28497 | Slideshow Gallery LITE <= 1.7.6 - Cross-Site Request Forgery via admin_slides | 4.3 |
| CVE-2023-28173 | Google XML Sitemap for Images <= 2.1.3 - Cross-Site Request Forgery via image_sitemap_generate | 4.3 |
| CVE-2023-28167 | CF7 Invisible reCAPTCHA <= 1.3.3 - Cross-Site Request Forgery via vsz_cf7_invisible_recaptcha_page | 4.3 |
| CVE-2023-27611 | Reusable Blocks Extended <= 0.9 - Cross-Site Request Forgery via reblex_reusable_screen_block_pattern_registration | 4.3 |
| CVE-2023-25449 | cformsII <= 15.0.4 - Cross-Site Request Forgery leading to Settings Updates | 4.3 |
| CVE-2023-25450 | GiveWP <= 2.25.1 - Cross-Site Request Forgery via give_cache_flush | 4.3 |
| CVE-2023-27445 | Blog Floating Button <= 1.4.12 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-27436 | Elegant Custom Fonts <= 1.0 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-27441 | New Adman <= 1.6.8 - Cross-Site Request Forgery via plugin_menu | 4.3 |
| CVE-2023-27434 | Classic Editor and Classic Widgets <= 1.2.5 - Cross-Site Request Forgery via render_settings_page | 4.3 |
| CVE-2023-27458 | WpStream – Live Streaming, Video on Demand, Pay Per View <= 4.4.10 - Cross-Site Request Forgery via wpstream_settings | 4.3 |
| CVE-2023-27457 | Add Expires Headers & Optimized Minify <= 2.7 - Cross-Site Request Forgery via [placeholder] | 4.3 |
| CVE-2023-25470 | Rus-To-Lat <= 0.3 - Cross-Site Request Forgery to Plugins Options Changes | 4.3 |
| CVE-2023-26524 | Quiz And Survey Master <= 8.0.10 - Cross-Site Request Forgery to Quiz Restoration | 4.3 |
| CVE-2023-26518 | WP TFeed <= 1.6.9 - Cross-Site Request Forgery via aptf_delete_cache | 4.3 |
| CVE-2023-26514 | XML Sitemap Generator for Google <= 1.3.3 - Cross-Site Request Forgery to Plugin Settings Changes | 4.3 |
| CVE-2023-26532 | Social Auto Poster <= 2.1.4 - Cross-Site Request Forgery to Plugin Settings Reset | 4.3 |
| CVE-2023-25038 | For the visually impaired <= 0.58 - Cross-Site Request Forgery to Plugin Settings Changes | 4.3 |
| CVE-2023-25973 | Auto Affiliate Links <= 6.3.0.2 - Cross-Site Request Forgery via aalChangeOptions function | 4.3 |
| CVE-2023-25058 | Schema - All In One Schema Rich Snippets <= 1.6.5 - Cross-Site Request Forgery in rich_snippet_dashboard | 4.3 |
| CVE-2023-23984 | Bubble Menu – circle floating menu <= 3.0.1 - Cross Site Request Forgery | 4.3 |
| CVE-2023-23973 | Contact Us Page – Contact People <= 3.7.0 - Cross Site Request Forgery | 4.3 |
| CVE-2023-6492 | Simple Sitemap <= 3.5.13 - Cross-Site Request Forgery via admin_notices | 4.3 |
| CVE-2023-6491 | Strong Testimonials <= 3.1.12 - Authenticated (Contributor+) Improper Authorization to Views Modification | 4.3 |
| CVE-2023-6493 | Depicter Slider – Responsive Image Slider, Video Slider & Post Slider <= 2.0.6 - Cross-Site Request Forgery via save | 4.3 |
| CVE-2023-47557 | Visitors Traffic Real Time Statistics <= 7.2 - Missing Authorization via multiple AJAX actions | 4.3 |
| CVE-2023-46197 | Popup by Supsystic <= 1.10.19 - Missing Authorization to Sensitive Information Exposure | 4.3 |
| CVE-2023-41802 | Super Socializer <= 7.13.54 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-41866 | Automatic YouTube Gallery <= 2.3.3 - Missing Authorization via AJAX actions | 4.3 |
| CVE-2023-41802 | Super Socializer <= 7.13.54 - Missing Authorization | 4.3 |
| CVE-2023-33994 | Slimstat Analytics <= 5.0.5.1 - Missing Authorization via delete_pageview | 4.3 |
| CVE-2023-40678 | Simple URLs <= 117 - Missing Authorization via AJAX actions | 4.3 |
| CVE-2023-35093 | MasterStudy LMS <= 3.0.8 - Missing Authorization to Course Category Creation | 4.3 |
| CVE-2023-33995 | Photo Gallery <= 1.8.15 - Missing Authorization | 4.3 |
| CVE-2023-23671 | Layer Slider <= 1.1.9.7 - Cross-Site Request Forgery via save_slide_ajax | 4.3 |
| CVE-2023-29440 | Simple Job Board <= 2.10.3 - Cross-Site Request Forgery via sjb_save_settings_section | 4.3 |
| CVE-2023-25993 | Top 10 – Popular posts plugin for WordPress <= 3.2.3 - Missing Authorization on tptn_ajax_clearcache | 4.3 |
| CVE-2023-23992 | AutomatorWP <= 2.5.0 - Cross Site Request Forgery | 4.3 |
| CVE-2023-23890 | WP Airbnb Review Slider <= 3.2 - Cross-Site Request Forgery | 4.3 |
| CVE-2023-23978 | WP Client Reports <= 1.0.16 - Missing Authorization to Sensitive Information Exposure | 4.3 |
| CVE-2023-23895 | WP Time Slots Booking Form <= 1.1.82 - Improper Authorization Checks | 4.1 |
| CVE-2023-23814 | CP Multi View Event Calendar <= 1.4.13 - Insufficient Authorization | 3.8 |
| CVE-2023-23971 | WP Time Slots Booking Form <= 1.1.81 - Authenticated (Admin+) Stored Cross Site Scripting | 3.8 |
| CVE-2023-41798 | Directorist <= 7.7.1 - CSV Injection | 3.8 |
| CVE-2021-24614 | Book appointment Online < 1.39 - Authenticated Stored Cross-Site Scripting (XSS) | 3.5 |
| CVE-2021-24622 | WP Ticket < 5.10.4 - Admin+ Stored Cross-Site Scripting | 3.5 |
| CVE-2022-2395 | weForms < 1.6.14 - Admin+ Stored Cross-Site Scripting | 3.4 |
| CVE-2023-41655 | authLdap <= 2.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | 3.3 |
| CVE-2023-35092 | breadcrumb simple <= 1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting | 3.3 |
| CVE-2023-23822 | UTM Tracker <= 1.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | 3.3 |
| CVE-2021-24623 | WordPress Advanced Ticket System < 1.0.64 - Authenticated Stored Cross-Site Scripting (XSS) | 2.7 |
| CVE-2021-24621 | WP Courses LMS < 2.0.44 - Authenticated Stored XSS via Video Embed Code | 2.5 |
