XSS
OneClick Chat to Order Vulnerability – Authenticated Stored Cross-Site Scripting via Shortcode | WordPress Plugin Vulnerability Report
Plugin Name: OneClick Chat to Order Key Information: Software Type: Plugin Software Slug: oneclick-whatsapp-order Software Status: Active Software Author: walterpinem Software Downloads: 205,924 Active Installs: 30,000 Last Updated: January 8, 2024 Patched Versions: 1.0.6 Affected Versions: <= 1.0.5 Vulnerability Details: Name: OneClick Chat to Order <= 1.0.5 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode…
WordPress Button Plugin MaxButtons – Authenticated Stored Cross-Site Scripting – CVE-2023-6594 | WordPress Plugin Vulnerability Report
Plugin Name: WordPress Button Plugin MaxButtons Key Information: Software Type: Plugin Software Slug: maxbuttons Software Status: Active Software Author: maxfoundry Software Downloads: 4,640,344 Active Installs: 100,000 Last Updated: January 8, 2024 Patched Versions: 9.7.6 Affected Versions: <= 9.7.4 Vulnerability Details: Name: WordPress Button Plugin MaxButtons <= 9.7.4 Title: Authenticated (Administrator+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N…
Orbit Fox by ThemeIsle Vulnerability – Authenticated Stored Cross-Site Scripting – CVE-2023-6781 | WordPress Plugin Vulnerability Report
Plugin Name: Orbit Fox by ThemeIsle Key Information: Software Type: Plugin Software Slug: themeisle-companion Software Status: Active Software Author: themeisle Software Downloads: 10,910,881 Active Installs: 200,000 Last Updated: January 5, 2024 Patched Versions: <= 2.10.26 Affected Versions: 2.10.27 Vulnerability Details: Name: Orbit Fox Companion <= 2.10.26 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via custom…
Happy Addons for Elementor Vulnerability – Reflected Cross-Site Scripting – CVE-2023-6632 | WordPress Plugin Vulnerability Report
Plugin Name: Happy Addons for Elementor Key Information: Software Type: Plugin Software Slug: happy-elementor-addons Software Status: Active Software Author: thehappymonster Software Downloads: 5,728,647 Active Installs: 400,000 Last Updated: January 5, 2024 Patched Versions: 3.10.0 Affected Versions: <= 3.9.1.1 Vulnerability Details: Name: Happy Addons for Elementor <= 3.9.1.1 – Reflected Cross-Site Scripting Title: Reflected Cross-Site Scripting Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVE: CVE-2023-6632…
Pagelayer Vulnerability – Authenticated(Contributor+) Stored Cross-Site Scripting via meta fields – CVE-2023-6738 | WordPress Plugin Vulnerability Report
Plugin Name: Pagelayer Key Information: Software Type: Plugin Software Slug: pagelayer Software Status: Active Software Author: softaculous Software Downloads: 5,480,305 Active Installs: 200,000 Last Updated: January 3, 2024 Patched Versions: 1.7.9 Affected Versions: <= 1.7.8 Vulnerability Details: Name: PageLayer <= 1.7.8 – Authenticated(Contributor+) Stored Cross-Site Scripting via meta fields Title: Authenticated(Contributor+) Stored Cross-Site Scripting via meta fields Type: Improper Input Validation CVE: CVE-2023-6738 CVSS Score: 5.4 (Medium) Publicly Published: January…
Complianz Vulnerability – Authenticated(Administrator+) Stored Cross-site Scripting via settings – CVE-2023-6498 | WordPress Plugin Vulnerability Report
Plugin Name: Complianz Key Information: Software Type: Plugin Software Slug: complianz-gdpr Software Status: Active Software Author: rogierlankhorst Software Downloads: 13,636,569 Active Installs: 800,000 Last Updated: January 3, 2024 Patched Versions: 6.5.6 Affected Versions: <= 6.5.5 Vulnerability Details: Name: Complianz | GDPR/CCPA Cookie Consent <= 6.5.5 – Authenticated(Administrator+) Stored Cross-site Scripting via settings Title: Authenticated(Administrator+) Stored Cross-site Scripting via settings Type: Improper Neutralization of Input During Web Page…
Post Grid Combo Vulnerability – Authenticated (Contributor+) Cross-Site Scripting – CVE-2023-6645 | WordPress Plugin Vulnerability Report
Plugin Name: Post Grid Combo Key Information: Software Type: Plugin Software Slug: post-grid Software Status: Active Software Author: pickplugins Software Downloads: 2,566,872 Active Installs: 50,000 Last Updated: December 15, 2023 Patched Versions: 2.2.65 Affected Versions: <= 2.2.64 Vulnerability Details: Name: Post Grid Combo – 36+ Gutenberg Blocks <= 2.2.64 – Authenticated (Contributor+) Cross-Site Scripting Title: Authenticated (Contributor+) Cross-Site Scripting Type: Improper Neutralization of Script-Related HTML Tags in…
WordPress Plugin Vulnerability Report – Calculated Fields Form – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2023-6446
Plugin Name: Calculated Fields Form Key Information: Software Type: Plugin Software Slug: calculated-fields-form Software Status: Active Software Author: codepeople Software Downloads: 6,352,767 Active Installs: 60,000 Last Updated: December 5, 2023 Patched Versions: 1.2.41 Affected Versions: <= 1.2.40 Vulnerability Details: Name: Calculated Fields Form <= 1.2.40 – Authenticated (Admin+) Stored Cross-Site Scripting Title: Authenticated (Admin+) Stored Cross-Site Scripting Type: Improper Neutralization of Alternate XSS Syntax CVE: CVE-2023-6446 CVSS Score: 4.4…
WordPress Plugin Vulnerability Report – AMP for WP – Accelerated Mobile Pages – Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode – CVE-2023-48321
Plugin Name: AMP for WP – Accelerated Mobile Pages Key Information: Software Type: Plugin Software Slug: accelerated-mobile-pages Software Status: Active Software Author: mohammed_kaludi Software Downloads: 17,408,260 Active Installs: 100,000 Last Updated: November 28, 2023 Patched Versions: 1.0.89 Affected Versions: <= 1.0.88.1 Vulnerability Details: Name: Accelerated Mobile Pages <= 1.0.88.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode Title: Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode Type: Improper…
WordPress Plugin Vulnerability Report – Email Address Encoder – Authenticated (Contributor+) Stored Cross-Site Scripting
Plugin Name: Email Address Encoder Key Information: Software Type: Plugin Software Slug: email-address-encoder Software Status: Active Software Author: tillkruess Software Downloads: 1,241,298 Active Installs: 100,000 Last Updated: November 28, 2023 Patched Versions: 1.0.23 Affected Versions: <=1.0.22 Vulnerability Details: Name: Email Address Encoder 1.0.22 – Authenticated (Contributor+) Stored Cross-Site Scripting Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVSS…