-
CVE-2023-4283
•
published on August 10, 2023
The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedpress_calendar' shortcode in versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
-
CVE-2023-4283
•
published on August 10, 2023
The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedpress_calendar' shortcode in versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
-
CVE-2023-4283
•
published on August 10, 2023
The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedpress_calendar' shortcode in versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
-
CVE-2023-4283
•
published on August 10, 2023
The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedpress_calendar' shortcode in versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
-
CVE-2023-4283
•
published on August 10, 2023
The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedpress_calendar' shortcode in versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
-
CVE-2023-4282
•
published on August 10, 2023
The EmbedPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'admin_post_remove' and 'remove_private_data' functions in versions up to, and including, 3.8.2. This makes it possible for authenticated attackers with subscriber privileges or above, to delete plugin settings.
-
CVE-2023-4282
•
published on August 10, 2023
The EmbedPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'admin_post_remove' and 'remove_private_data' functions in versions up to, and including, 3.8.2. This makes it possible for authenticated attackers with subscriber privileges or above, to delete plugin settings.
-
CVE-2023-4282
•
published on August 10, 2023
The EmbedPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'admin_post_remove' and 'remove_private_data' functions in versions up to, and including, 3.8.2. This makes it possible for authenticated attackers with subscriber privileges or above, to delete plugin settings.
-
CVE-2023-4282
•
published on August 10, 2023
The EmbedPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'admin_post_remove' and 'remove_private_data' functions in versions up to, and including, 3.8.2. This makes it possible for authenticated attackers with subscriber privileges or above, to delete plugin settings.
-
CVE-2023-4282
•
published on August 10, 2023
The EmbedPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'admin_post_remove' and 'remove_private_data' functions in versions up to, and including, 3.8.2. This makes it possible for authenticated attackers with subscriber privileges or above, to delete plugin settings.
-
CVE-2023-37988
•
published on August 10, 2023
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Creative Solutions Contact Form Generator plugin = 2.5.5 versions.
-
CVE-2023-37988
•
published on August 10, 2023
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Creative Solutions Contact Form Generator plugin = 2.5.5 versions.
-
CVE-2023-37988
•
published on August 10, 2023
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Creative Solutions Contact Form Generator plugin = 2.5.5 versions.
-
CVE-2023-37988
•
published on August 10, 2023
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Creative Solutions Contact Form Generator plugin = 2.5.5 versions.
-
CVE-2023-37988
•
published on August 10, 2023
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Creative Solutions Contact Form Generator plugin = 2.5.5 versions.
-
CVE-2023-23871
•
published on August 10, 2023
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Webdzier Button plugin = 1.1.23 versions.
-
CVE-2023-23871
•
published on August 10, 2023
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Webdzier Button plugin = 1.1.23 versions.
-
CVE-2023-23871
•
published on August 10, 2023
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Webdzier Button plugin = 1.1.23 versions.
-
CVE-2023-23871
•
published on August 10, 2023
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Webdzier Button plugin = 1.1.23 versions.
-
CVE-2023-23871
•
published on August 10, 2023
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Webdzier Button plugin = 1.1.23 versions.