Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-23722 | 1 Winwar | 1 Wp Ebay Product Feeds | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winwar Media WP eBay Product Feeds plugin <= 3.3.1 versions.
|
|||||
| CVE-2023-23720 | 1 Skeepers | 1 Verified Reviews \(avis Verifies\) | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NetReviews SAS Verified Reviews (Avis Vérifiés) plugin <= 2.3.13 versions.
|
|||||
| CVE-2023-23718 | 1 Page Loading Effects Project | 1 Page Loading Effects | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Esstat17 Page Loading Effects plugin <= 2.0.0 versions.
|
|||||
| CVE-2023-23717 | 1 Portfolio Slideshow Project | 1 Portfolio Slideshow | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in George Gecewicz Portfolio Slideshow plugin <= 1.13.0 versions.
|
|||||
| CVE-2023-23710 | 1 Miniorange | 1 Wordpress Social Login And Register \(discord\, Google\, Twitter\, Linkedin\) | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.5.14 versions.
|
|||||
| CVE-2023-23709 | 1 Wpjam Basic Project | 1 Wpjam Basic | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Denis WPJAM Basic plugin <= 6.2.1 versions.
|
|||||
| CVE-2023-23708 | 1 Themeisle | 1 Visualizer | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Themeisle Visualizer: Tables and Charts Manager for WordPress plugin <= 3.9.4 versions.
|
|||||
| CVE-2023-23707 | 1 Awsm | 1 Embed Any Document | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Unrestricted Upload of File with Dangerous Type vulnerability in Awsm Innovations Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files allows Stored XSS via upload of SVG and HTML files. This issue affects Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin <= 2.7.1 versions.
|
|||||
| CVE-2023-23703 | 1 Tychesoftwares | 1 Arconix Shortcodes | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Arconix Shortcodes plugin <= 2.1.7 versions.
|
|||||
| CVE-2023-23702 | 1 Pixelgrade | 1 Comments Rating | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pixelgrade Comments Ratings plugin <= 1.1.7 versions.
|
|||||
| CVE-2023-23701 | 1 Web Design Easy Sign Up Project | 1 Web Design Easy Sign Up | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Andrew @ Geeenville Web Design Easy Sign Up plugin <= 3.4.1 versions.
|
|||||
| CVE-2023-23699 | 1 Progress Bar Project | 1 Progress Bar | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Chris Reynolds Progress Bar plugin <= 2.2.1 versions.
|
|||||
| CVE-2023-23688 | 1 Sumo | 1 Social Share Boost | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Sumo Social Share Boost plugin <= 4.4 versions.
|
|||||
| CVE-2023-23687 | 1 Youtube Shortcode Project | 1 Youtube Shortcode | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. Stored Cross-Site Scripting (XSS) vulnerability in Youtube shortcode <= 1.8.5 versions.
|
|||||
| CVE-2023-23686 | 1 Simple Staff List Project | 1 Simple Staff List | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Brett Shumaker Simple Staff List plugin <= 2.2.2 versions.
|
|||||
| CVE-2023-23685 | 1 Radiustheme | 1 Portfolio | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in RadiusTheme Portfolio – WordPress Portfolio plugin <= 2.8.10 versions.
|
|||||
| CVE-2023-23683 | 1 White Label Branding For Elementor Page Builder Project | 1 White Label Branding For Elementor Page Builder | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ozan Canakli White Label Branding for Elementor Page Builder plugin <= 1.0.2 versions.
|
|||||
| CVE-2023-23682 | 1 Duplicator | 1 Ezp Maintenance Mode | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Snap Creek Software EZP Maintenance Mode plugin <= 1.0.1 versions.
|
|||||
| CVE-2023-23681 | 1 Webdevocean | 1 Image Hover Effects For Wpbakery Page Builder | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Labib Ahmed Image Hover Effects For WPBakery Page Builder plugin <= 4.0 versions.
|
|||||
| CVE-2023-23677 | 1 Gtmetrix | 1 Gtmetrix | 2024-11-21 | N/A | 3.8 LOW |
|
Reflected Cross-Site Scripting (XSS) vulnerability in GTmetrix GTmetrix for WordPress plugin <= 0.4.5 versions.
|
|||||
| CVE-2023-23676 | 1 File Gallery Project | 1 File Gallery | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Bruno "Aesqe" Babic File Gallery plugin <= 1.8.5.3 versions.
|
|||||
| CVE-2023-23675 | 1 Catchsquare | 1 Wp Smart Preloader | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Catchsquare WP Smart Preloader plugin <= 1.15 versions.
|
|||||
| CVE-2023-23674 | 1 Rvola | 1 Wp Original Media Path | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in RVOLA WP Original Media Path plugin <= 2.4.0 versions.
|
|||||
| CVE-2023-23673 | 1 Themeist | 1 I Recommend This | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Harish Chouhan, Themeist I Recommend This plugin <= 3.8.3 versions.
|
|||||
| CVE-2023-23670 | 1 Heateor | 1 Fancy Comments | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Team Heateor Fancy Comments WordPress plugin <= 1.2.10 versions.
|
|||||
| CVE-2023-23668 | 1 Givewp | 1 Givewp | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in GiveWP plugin <= 2.25.1 versions.
|
|||||
| CVE-2023-23667 | 1 Berocket | 1 Brands For Woocommerce | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in BeRocket Brands for WooCommerce plugin <= 3.7.0.6 versions.
|
|||||
| CVE-2023-23664 | 1 Convertbox | 1 Convertbox Auto Embed | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ConvertBox ConvertBox Auto Embed WordPress plugin <= 1.0.19 versions.
|
|||||
| CVE-2023-23657 | 1 Webfwd | 1 Mail Subscribe List | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Richard Leishman t/a Webforward Mail Subscribe List plugin <= 2.1.9 versions.
|
|||||
| CVE-2023-23654 | 1 Messagebird | 1 Sparkpost | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SparkPost plugin <= 3.2.5 versions.
|
|||||
| CVE-2023-23650 | 1 Mainwp | 1 Code Snippets Extension | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in MainWP MainWP Code Snippets Extension plugin <= 4.0.2 versions.
|
|||||
| CVE-2023-23647 | 1 Wpmart | 1 Team Member - Team With Slider | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in Sk. Abul Hasan Team Member – Team with Slider plugin <= 4.4 versions.
|
|||||
| CVE-2023-23641 | 1 Wpmanage | 1 Uji Popup | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WPmanage Uji Popup plugin <= 1.4.3 versions.
|
|||||
| CVE-2023-23630 | 1 Eta.js | 1 Eta | 2024-11-21 | N/A | 8.6 HIGH |
|
Eta is an embedded JS templating engine that works inside Node, Deno, and the browser. XSS attack - anyone using the Express API is impacted. The problem has been resolved. Users should upgrade to version 2.0.0. As a workaround, don't pass user supplied things directly to `res.render`.
|
|||||
| CVE-2023-23627 | 1 Sanitize Project | 1 Sanitize | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Sanitize is an allowlist-based HTML and CSS sanitizer. Versions 5.0.0 and later, prior to 6.0.1, are vulnerable to Cross-site Scripting. When Sanitize is configured with a custom allowlist that allows `noscript` elements, attackers are able to include arbitrary HTML, resulting in XSS (cross-site scripting) or other undesired behavior when that HTML is rendered in a browser. The default configurations do not allow `noscript` elements and are not vulnerable. This issue only affects users who are u ...
Show More |
|||||
| CVE-2023-23553 | 1 Controlbyweb | 2 X-400, X-400 Firmware | 2024-11-21 | N/A | 4.5 MEDIUM |
|
Control By Web X-400 devices are vulnerable to a cross-site scripting attack, which could result in private and session information being transferred to the attacker.
|
|||||
| CVE-2023-23548 | 1 Checkmk | 1 Checkmk | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, <2.0.0p38, <=1.6.0p30.
|
|||||
| CVE-2023-23481 | 2 Ibm, Linux | 2 Sterling Partner Engagement Manager, Linux Kernel | 2024-11-21 | N/A | 6.4 MEDIUM |
|
IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245889.
|
|||||
| CVE-2023-23480 | 2 Ibm, Linux | 2 Sterling Partner Engagement Manager, Linux Kernel | 2024-11-21 | N/A | 5.4 MEDIUM |
|
IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245885.
|
|||||
| CVE-2023-23475 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-11-21 | N/A | 4.6 MEDIUM |
|
IBM Infosphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245423.
|
|||||