Show filters
406 Total Results
Displaying 101-110 of 406
Sort by:
Attacker Value
Unknown

CVE-2023-27413

Disclosure Date: June 22, 2023 (last updated February 25, 2025)
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Shazzad Hossain Khan W4 Post List plugin <= 2.4.4 versions.
Attacker Value
Unknown

CVE-2023-33498

Disclosure Date: June 07, 2023 (last updated February 25, 2025)
alist <=3.16.3 is vulnerable to Incorrect Access Control. Low privilege accounts can upload any file.
Attacker Value
Unknown

CVE-2023-31726

Disclosure Date: May 23, 2023 (last updated February 25, 2025)
AList 3.15.1 is vulnerable to Incorrect Access Control, which can be exploited by attackers to obtain sensitive information.
Attacker Value
Unknown

CVE-2022-47183

Disclosure Date: May 22, 2023 (last updated February 25, 2025)
Cross-Site Request Forgery (CSRF) vulnerability in StylistWP Extra Block Design, Style, CSS for ANY Gutenberg Blocks plugin <= 0.2.6 versions.
Attacker Value
Unknown

CVE-2023-31890

Disclosure Date: May 16, 2023 (last updated February 24, 2025)
An XML Deserialization vulnerability in glazedlists v1.11.0 allows an attacker to execute arbitrary code via the BeanXMLByteCoder.decode() parameter.
Attacker Value
Unknown

CVE-2023-1408

Disclosure Date: May 08, 2023 (last updated October 08, 2023)
The Video List Manager WordPress plugin through 1.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin
Attacker Value
Unknown

CVE-2023-26519

Disclosure Date: May 06, 2023 (last updated February 24, 2025)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex Benfica Publish to Schedule plugin <= 4.5.4 versions.
Attacker Value
Unknown

CVE-2023-1021

Disclosure Date: May 02, 2023 (last updated February 24, 2025)
The amr ical events lists WordPress plugin through 6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Attacker Value
Unknown

CVE-2023-1373

Disclosure Date: April 17, 2023 (last updated October 08, 2023)
The W4 Post List WordPress plugin before 2.4.6 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting
Attacker Value
Unknown

CVE-2023-1371

Disclosure Date: April 17, 2023 (last updated February 24, 2025)
The W4 Post List WordPress plugin before 2.4.6 does not ensure that password protected posts can be accessed before displaying their content, which could allow any authenticated users to access them