Show filters
406 Total Results
Displaying 101-110 of 406
Sort by:
Attacker Value
Unknown
CVE-2023-27413
Disclosure Date: June 22, 2023 (last updated February 25, 2025)
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Shazzad Hossain Khan W4 Post List plugin <= 2.4.4 versions.
0
Attacker Value
Unknown
CVE-2023-33498
Disclosure Date: June 07, 2023 (last updated February 25, 2025)
alist <=3.16.3 is vulnerable to Incorrect Access Control. Low privilege accounts can upload any file.
0
Attacker Value
Unknown
CVE-2023-31726
Disclosure Date: May 23, 2023 (last updated February 25, 2025)
AList 3.15.1 is vulnerable to Incorrect Access Control, which can be exploited by attackers to obtain sensitive information.
0
Attacker Value
Unknown
CVE-2022-47183
Disclosure Date: May 22, 2023 (last updated February 25, 2025)
Cross-Site Request Forgery (CSRF) vulnerability in StylistWP Extra Block Design, Style, CSS for ANY Gutenberg Blocks plugin <= 0.2.6 versions.
0
Attacker Value
Unknown
CVE-2023-31890
Disclosure Date: May 16, 2023 (last updated February 24, 2025)
An XML Deserialization vulnerability in glazedlists v1.11.0 allows an attacker to execute arbitrary code via the BeanXMLByteCoder.decode() parameter.
0
Attacker Value
Unknown
CVE-2023-1408
Disclosure Date: May 08, 2023 (last updated October 08, 2023)
The Video List Manager WordPress plugin through 1.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin
0
Attacker Value
Unknown
CVE-2023-26519
Disclosure Date: May 06, 2023 (last updated February 24, 2025)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex Benfica Publish to Schedule plugin <= 4.5.4 versions.
0
Attacker Value
Unknown
CVE-2023-1021
Disclosure Date: May 02, 2023 (last updated February 24, 2025)
The amr ical events lists WordPress plugin through 6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
0
Attacker Value
Unknown
CVE-2023-1373
Disclosure Date: April 17, 2023 (last updated October 08, 2023)
The W4 Post List WordPress plugin before 2.4.6 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting
0
Attacker Value
Unknown
CVE-2023-1371
Disclosure Date: April 17, 2023 (last updated February 24, 2025)
The W4 Post List WordPress plugin before 2.4.6 does not ensure that password protected posts can be accessed before displaying their content, which could allow any authenticated users to access them
0