CVE-2023-4298 CVSS:0.0
The 123.chat WordPress plugin before 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) (Last Update:2023-09-04 12:15:11) (Publish Update:2023-09-04 12:15:11)
CVE-2023-4284 CVSS:0.0
The Post Timeline WordPress plugin before 2.2.6 does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin (Last Update:2023-09-04 12:15:11) (Publish Update:2023-09-04 12:15:11)
CVE-2023-40214 CVSS:7.1
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Vathemes Business Pro theme <= 1.10.4 versions. (Last Update:2023-09-04 12:15:10) (Publish Update:2023-09-04 12:15:10)
CVE-2023-40205 CVSS:7.1
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pixelgrade PixTypes plugin <= 1.4.15 versions. (Last Update:2023-09-04 12:15:10) (Publish Update:2023-09-04 12:15:10)
CVE-2023-40197 CVSS:6.5
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Devaldi Ltd flowpaper plugin <= 1.9.9 versions. (Last Update:2023-09-04 12:15:10) (Publish Update:2023-09-04 12:15:10)
CVE-2023-40196 CVSS:7.1
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ImageRecycle ImageRecycle pdf & image compression plugin <= 3.1.11 versions. (Last Update:2023-09-04 12:15:10) (Publish Update:2023-09-04 12:15:10)
CVE-2023-4254 CVSS:0.0
The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) (Last Update:2023-09-04 12:15:10) (Publish Update:2023-09-04 12:15:10)
CVE-2023-4253 CVSS:0.0
The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) (Last Update:2023-09-04 12:15:10) (Publish Update:2023-09-04 12:15:10)
CVE-2023-4216 CVSS:0.0
The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 doesn't validate the file_url parameter when importing a CSV file, allowing high privilege users with the manage_woocommerce capability to access any file on the web server via a Traversal attack. The content retrieved is however limited to the first line of the file. (Last Update:2023-09-04 12:15:10) (Publish Update:2023-09-04 12:15:10)
CVE-2023-4151 CVSS:0.0
The Store Locator WordPress plugin before 1.4.13 does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin (Last Update:2023-09-04 12:15:10) (Publish Update:2023-09-04 12:15:10)
This vulnerability list widget is provided by www.cvedetails.com.