Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-29 | CVE-2023-6389 | Open Redirect vulnerability in Abhinavsingh Wordpress Toolbar 2.2.6 The WordPress Toolbar WordPress plugin through 2.2.6 redirects to any URL via the "wptbto" parameter. | 6.1 |
2024-01-29 | CVE-2023-6390 | Cross-Site Request Forgery (CSRF) vulnerability in Jonathonkemp Wordpress Users 1.4.0 The WordPress Users WordPress plugin through 1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | 8.8 |
2024-01-29 | CVE-2023-6391 | Cross-Site Request Forgery (CSRF) vulnerability in Jeremiahorem Custom User CSS 0.2 The Custom User CSS WordPress plugin through 0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | 8.8 |
2024-01-29 | CVE-2023-6503 | Cross-Site Request Forgery (CSRF) vulnerability in Paulgriffinpetty WP Plugin Lister 2.1.0 The WP Plugin Lister WordPress plugin through 2.1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | 5.4 |
2024-01-29 | CVE-2023-6530 | Cross-site Scripting vulnerability in Theme-Junkie TJ Shortcodes The TJ Shortcodes WordPress plugin through 0.1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2024-01-29 | CVE-2023-6633 | Cross-Site Request Forgery (CSRF) vulnerability in Sidenotesproject Side Notes 2.0.0 The Site Notes WordPress plugin through 2.0.0 does not have CSRF checks in some of its functionalities, which could allow attackers to make logged in users perform unwanted actions, such as deleting administration notes, via CSRF attacks | 4.3 |
2024-01-29 | CVE-2023-6946 | Cross-Site Request Forgery (CSRF) vulnerability in Unalignedcode Autotitle 1.0.3 The Autotitle for WordPress plugin through 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | 8.8 |
2024-01-29 | CVE-2023-7074 | Cross-Site Request Forgery (CSRF) vulnerability in Giovambattistafazioli WP Social Bookmark Menu 1.2 The WP SOCIAL BOOKMARK MENU WordPress plugin through 1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | 8.8 |
2024-01-29 | CVE-2023-7089 | Cross-site Scripting vulnerability in Benjaminzekavica Easy SVG Support 1.0 The Easy SVG Allow WordPress plugin through 1.0 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. | 5.4 |
2024-01-29 | CVE-2023-7199 | Authorization Bypass Through User-Controlled Key vulnerability in Relevanssi The Relevanssi WordPress plugin before 4.22.0, Relevanssi Premium WordPress plugin before 2.25.0 allows any unauthenticated user to read draft and private posts via a crafted request | 5.3 |