CVE-2023-50901 – WordPress HT Mega Plugin <= 2.3.8 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-50901
26 Dec 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HT Mega – Absolute Addons For Elementor allows Reflected XSS. This issue affects HT Mega – Absolute Addons For Elementor: from n/a through 2.3.8. • https://patchstack.com/database/vulnerability/ht-mega-for-elementor/wordpress-ht-mega-absolute-addons-for-elementor-plugin-2-3-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-51372 – WordPress HashBar – WordPress Notification Bar Plugin <= 1.4.1 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-51372
26 Dec 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HashBar – WordPress Notification Bar allows Stored XSS. This issue affects HashBar – WordPress Notification Bar: from n/a through 1.4.1. • https://patchstack.com/database/vulnerability/hashbar-wp-notification-bar/wordpress-hashbar-wordpress-notification-bar-plugin-1-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-47172 – WordPress WooLentor Plugin <= 2.6.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-47172
05 Jul 2023 — Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLentor plugin <= 2.6.2 versions. The WooLentor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.2. This is due to missing or incorrect nonce validation on the process_data function. This makes it possible for unauthenticated attackers to change plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Cross-Site Re... • https://patchstack.com/database/vulnerability/woolentor-addons/wordpress-shoplentor-plugin-2-6-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-32962 – WordPress WishSuite Plugin <= 1.3.4 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-32962
18 May 2023 — Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in HasTheme WishSuite – Wishlist for WooCommerce plugin <= 1.3.4 versions. The WishSuite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user acces... • https://patchstack.com/database/vulnerability/wishsuite/wordpress-wishsuite-wishlist-for-woocommerce-plugin-1-3-4-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-23801 – WordPress Really Simple Google Tag Manager Plugin <= 1.0.6 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-23801
31 Mar 2023 — Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Really Simple Google Tag Manager plugin <= 1.0.6 versions. The Really Simple Google Tag Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.6. This is due to missing nonce validation on the plugin_activation() function. This makes it possible for unauthenticated attackers to activate arbitrary plugins, via a forged request granted they can trick a site administrator into performing an acti... • https://patchstack.com/database/vulnerability/really-simple-google-tag-manager/wordpress-really-simple-google-tag-manager-plugin-1-0-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-23731 – WordPress WishSuite Plugin <= 1.3.3 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-23731
30 Mar 2023 — Cross-Site Request Forgery (CSRF) vulnerability in HasTheme WishSuite plugin <= 1.3.3 versions. The WishSuite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.3. This is due to missing or incorrect nonce validation on the plugin_activation() function. This makes it possible for unauthenticated attackers to activate arbitrary plugins, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Cro... • https://patchstack.com/database/vulnerability/wishsuite/wordpress-wishsuite-wishlist-for-woocommerce-plugin-1-3-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-23791 – WordPress HT Menu Plugin <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-23791
30 Mar 2023 — Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Menu plugin <= 1.2.1 versions. The HT Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing nonce validation on the plugin_activation() function. This makes it possible for unauthenticated attackers to activate arbitrary plugins, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Cross-Site Request ... • https://patchstack.com/database/vulnerability/ht-menu-lite/wordpress-ht-menu-wordpress-mega-menu-builder-for-elementor-plugin-1-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-23792 – WordPress Swatchly – WooCommerce Variation Swatches for Products Plugin <= 1.2.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-23792
30 Mar 2023 — Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Swatchly plugin <= 1.2.0 versions. The Swatchly – WooCommerce Variation Swatches for Products plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.0. This is due to missing nonce validation on the plugin_activation() function. This makes it possible for unauthenticated attackers to activate arbitrary plugins, via a forged request granted they can trick a site administrator into performing an action... • https://patchstack.com/database/vulnerability/swatchly/wordpress-swatchly-woocommerce-variation-swatches-for-products-product-attributes-image-swatch-color-swatches-label-swatches-plugin-1-1-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-23803 – WordPress JustTables – WooCommerce Product Table Plugin <= 1.4.9 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-23803
30 Mar 2023 — Cross-Site Request Forgery (CSRF) vulnerability in HasThemes JustTables plugin <= 1.4.9 versions. The JustTables – WooCommerce Product Table plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.9. This is due to missing or incorrect nonce validation on the plugin_activation() function. This makes it possible for unauthenticated attackers to activate arbitrary plugins, via a forged request granted they can trick a site administrator into performing an action ... • https://patchstack.com/database/vulnerability/just-tables/wordpress-justtables-woocommerce-product-table-plugin-1-4-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-23804 – WordPress HT Feed Plugin <= 1.2.7 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-23804
16 Mar 2023 — Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Feed plugin <= 1.2.7 versions. The HT Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.7. This is due to missing nonce validation on the 'plugin_activation' function. This makes it possible for unauthenticated attackers to activate installed plugins via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Cross-Site Request F... • https://patchstack.com/database/vulnerability/ht-instagram/wordpress-ht-feed-plugin-1-2-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •