Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-01-11 CVE-2023-6828 Cross-site Scripting vulnerability in Reputeinfosystems Arforms Form Builder
The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘arf_http_referrer_url’ parameter in all versions up to, and including, 1.5.8 due to insufficient input sanitization and output escaping.
network
low complexity
reputeinfosystems CWE-79
6.1
2024-01-11 CVE-2023-6855 Missing Authorization vulnerability in Strangerstudios Paid Memberships PRO
The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to unauthorized modification of membership levels created by the plugin due to an incorrectly implemented capability check in the pmpro_rest_api_get_permissions_check function in all versions up to 2.12.5 (inclusive).
network
low complexity
strangerstudios CWE-862
5.3
2024-01-11 CVE-2023-6875 Missing Authorization vulnerability in Wpexperts Post Smtp Mailer
The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7.
network
low complexity
wpexperts CWE-862
critical
9.8
2024-01-11 CVE-2023-6878 Unspecified vulnerability in Leechesnutt Slick Social Share Buttons
The Slick Social Share Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dcssb_ajax_update' function in versions up to, and including, 2.4.11.
network
low complexity
leechesnutt
6.5
2024-01-11 CVE-2023-6882 Cross-site Scripting vulnerability in Simple-Membership-Plugin Simple Membership
The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘environment_mode’ parameter in all versions up to, and including, 4.3.8 due to insufficient input sanitization and output escaping.
network
low complexity
simple-membership-plugin CWE-79
6.1
2024-01-11 CVE-2023-6924 Cross-site Scripting vulnerability in 10Web Photo Gallery
The Photo Gallery by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in versions up to, and including, 1.8.18 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
10web CWE-79
4.8
2024-01-11 CVE-2023-6934 Cross-site Scripting vulnerability in Limitloginattempts Limit Login Attempts Reloaded
The Limit Login Attempts Reloaded plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.25.26 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
limitloginattempts CWE-79
5.4
2024-01-11 CVE-2023-6979 Unrestricted Upload of File with Dangerous Type vulnerability in Cusrev Customer Reviews for Woocommerce
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ivole_import_upload_csv AJAX action in all versions up to, and including, 5.38.9.
network
low complexity
cusrev CWE-434
8.8
2024-01-11 CVE-2023-6988 Cross-site Scripting vulnerability in Extendthemes Colibri Page Builder 1.0.227/1.0.229
The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's extend_builder_render_js shortcode in all versions up to, and including, 1.0.239 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
extendthemes CWE-79
5.4
2024-01-11 CVE-2023-6990 Cross-site Scripting vulnerability in Weavertheme Weaver Xtreme Theme Support
The Weaver Xtreme theme for WordPress is vulnerable to Stored Cross-Site Scripting via custom post meta in all versions up to, and including, 6.3.0 due to insufficient input sanitization and output escaping on user supplied meta (page-head-code).
network
low complexity
weavertheme CWE-79
5.4