CVE-2023-4035

The Simple Blog Card WordPress plugin before 1.31 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Source: CVE-2023-4035

CVE-2023-4036

The Simple Blog Card WordPress plugin before 1.32 does not ensure that posts to be displayed via a shortcode are public, allowing any authenticated users, such as subscriber, to retrieve arbitrary post title and their content such as draft, private and password protected ones

Source: CVE-2023-4036

CVE-2023-4109

The Ninja Forms WordPress Ninja Forms Contact Form WordPress plugin before 3.6.26 was affected by a HTML Injection security vulnerability.

Source: CVE-2023-4109

CVE-2023-34008

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in weDevs WP ERP plugin <= 1.12.3 versions.

Source: CVE-2023-34008

CVE-2023-34023

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Miled WordPress Social Login plugin <= 3.0.4 versions.

Source: CVE-2023-34023

CVE-2023-34032

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pascal Casier bbPress Toolkit plugin <= 1.0.12 versions.

Source: CVE-2023-34032

CVE-2023-1982

The Front Editor WordPress plugin through 4.0.4 does not sanitize and escape some of its form settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Source: CVE-2023-1982

CVE-2023-34004

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Box Office plugin <= 1.1.50 versions.

Source: CVE-2023-34004

CVE-2023-34022

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rakib Hasan Dynamic QR Code Generator plugin <= 0.0.5 versions.

Source: CVE-2023-34022

CVE-2022-1601

The User Access Manager WordPress plugin before 2.2.18 prioritizes getting a visitor’s IP from certain HTTP headers over PHP’s REMOTE_ADDR, which makes it possible for attackers to access restricted content in certain situations.

Source: CVE-2022-1601