CVE-2023-37976
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Radio Forge Muses Player with Skins plugin <=Â 2.5 versions.
Source: CVE-2023-37976
[월:] 2023년 07월
CVE-2023-37970
CVE-2023-37970
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Matthew Fries MF Gig Calendar plugin <=Â 1.2 versions.
Source: CVE-2023-37970
CVE-2023-37975
CVE-2023-37975
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RadiusTheme Variation Swatches for WooCommerce plugin <=Â 2.3.7 versions.
Source: CVE-2023-37975
CVE-2023-37894
CVE-2023-37894
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RadiusTheme Variation Images Gallery for WooCommerce plugin <=Â 2.3.3 versions.
Source: CVE-2023-37894
CVE-2023-37993
CVE-2023-37993
Auth. Stored Cross-Site Scripting (XSS) vulnerability in maennchen1.De wpShopGermany IT-RECHT KANZLEI plugin <=Â 1.7 versions.
Source: CVE-2023-37993
CVE-2023-37980
CVE-2023-37980
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gravity Master Custom Field For WP Job Manager plugin <=Â 1.1 versions.
Source: CVE-2023-37980
CVE-2023-38512
CVE-2023-38512
Cross-Site Request Forgery (CSRF) vulnerability in Wpstream WpStream – Live Streaming, Video on Demand, Pay Per View plugin <= 4.5.4 versions.
Source: CVE-2023-38512
CVE-2023-37981
CVE-2023-37981
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPKube Authors List plugin <=Â 2.0.2 versions.
Source: CVE-2023-37981
CVE-2023-3970
CVE-2023-3970
A vulnerability, which was classified as problematic, was found in GZ Scripts Availability Booking Calendar PHP 1.0. This affects an unknown part of the file /index.php?controller=GzUser&action=edit&id=1 of the component Image Handler. The manipulation of the argument img leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235569 was assigned to this vulnerability.
Source: CVE-2023-3970
CVE-2023-3969
CVE-2023-3969
A vulnerability, which was classified as problematic, has been found in GZ Scripts Availability Booking Calendar PHP 1.0. Affected by this issue is some unknown functionality of the file index.php of the component HTTP POST Request Handler. The manipulation of the argument promo_code leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235568.
Source: CVE-2023-3969