CyberAlerts

CVE-2023-2401

Description: The QuBot WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE

December 13th, 2024 (4 months ago)

CVE-2023-2359

Revolution Slider <= 6.6.12 - Author+ Remote Code Execution

Description: The Slider Revolution WordPress plugin through 6.6.12 does not check for valid image files upon import, leading to an arbitrary file upload which may be escalated to Remote Code Execution in some server configurations.

CVSS: LOW (0.0)

EPSS Score: 0.18%

Source: CVE

December 13th, 2024 (4 months ago)

CVE-2023-2221

WP Custom Cursors < 3.2 - Admin+ SQLi

Description: The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.

CVSS: LOW (0.0)

EPSS Score: 0.09%

Source: CVE

December 13th, 2024 (4 months ago)

CVE-2023-0368

Responsive Tabs For WPBakery Page Builder <= 1.1 - Contributor+ Stored XSS

Description: The Responsive Tabs For WPBakery Page Builder (formerly Visual Composer) WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

CVSS: LOW (0.0)

EPSS Score: 0.06%

Source: CVE

December 13th, 2024 (4 months ago)

CVE-2023-2811

AI ChatBot < 4.5.6 - Admin+ Stored Cross-Site Scripting

Description: The AI ChatBot WordPress plugin before 4.5.6 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks to all admin when setting chatbot and all client when using chatbot

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE

December 12th, 2024 (4 months ago)

CVE-2023-2751

Upload Resume <= 1.2.0 - Captcha Bypass

Description: The Upload Resume WordPress plugin through 1.2.0 does not validate the captcha parameter when uploading a resume via the resume_upload_form shortcode, allowing unauthenticated visitors to upload arbitrary media files to the site.

CVSS: LOW (0.0)

EPSS Score: 0.08%

Source: CVE

December 12th, 2024 (4 months ago)

CVE-2023-2684

File Renaming on Upload < 2.5.2 - Admin+ Stored Cross-Site Scripting

Description: The File Renaming on Upload WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE

December 12th, 2024 (4 months ago)

CVE-2023-2654

Conditional Menus < 1.2.1 - Reflected XSS

Description: The Conditional Menus WordPress plugin before 1.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

CVSS: LOW (0.0)

EPSS Score: 0.07%

Source: CVE

December 12th, 2024 (4 months ago)

CVE-2023-2527

Integration for Contact Form 7 and Zoho CRM, Bigin < 1.2.4 - Admin+ SQLi

Description: The Integration for Contact Form 7 and Zoho CRM, Bigin WordPress plugin before 1.2.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE

December 12th, 2024 (4 months ago)

CVE-2023-2399

qubotchat < 1.1.6 - Unauthenticated Stored XSS

Description: The QuBot WordPress plugin before 1.1.6 doesn't filter user input on chat, leading to bad code inserted on it be reflected on the user dashboard.

CVSS: LOW (0.0)

EPSS Score: 0.07%

Source: CVE

December 12th, 2024 (4 months ago)

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2023-2401	Qubotchat < 1.1.6 – Admin+ Stored XSS Description: The QuBot WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). CVSS: LOW (0.0) EPSS Score: 0.05% Source: CVE December 13th, 2024 (4 months ago)
CVE-2023-2359	Revolution Slider <= 6.6.12 - Author+ Remote Code Execution Description: The Slider Revolution WordPress plugin through 6.6.12 does not check for valid image files upon import, leading to an arbitrary file upload which may be escalated to Remote Code Execution in some server configurations. CVSS: LOW (0.0) EPSS Score: 0.18% Source: CVE December 13th, 2024 (4 months ago)
CVE-2023-2221	WP Custom Cursors < 3.2 - Admin+ SQLi Description: The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin. CVSS: LOW (0.0) EPSS Score: 0.09% Source: CVE December 13th, 2024 (4 months ago)
CVE-2023-0368	Responsive Tabs For WPBakery Page Builder <= 1.1 - Contributor+ Stored XSS Description: The Responsive Tabs For WPBakery Page Builder (formerly Visual Composer) WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks CVSS: LOW (0.0) EPSS Score: 0.06% Source: CVE December 13th, 2024 (4 months ago)
CVE-2023-2811	AI ChatBot < 4.5.6 - Admin+ Stored Cross-Site Scripting Description: The AI ChatBot WordPress plugin before 4.5.6 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks to all admin when setting chatbot and all client when using chatbot CVSS: LOW (0.0) EPSS Score: 0.05% Source: CVE December 12th, 2024 (4 months ago)
CVE-2023-2751	Upload Resume <= 1.2.0 - Captcha Bypass Description: The Upload Resume WordPress plugin through 1.2.0 does not validate the captcha parameter when uploading a resume via the resume_upload_form shortcode, allowing unauthenticated visitors to upload arbitrary media files to the site. CVSS: LOW (0.0) EPSS Score: 0.08% Source: CVE December 12th, 2024 (4 months ago)
CVE-2023-2684	File Renaming on Upload < 2.5.2 - Admin+ Stored Cross-Site Scripting Description: The File Renaming on Upload WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) CVSS: LOW (0.0) EPSS Score: 0.05% Source: CVE December 12th, 2024 (4 months ago)
CVE-2023-2654	Conditional Menus < 1.2.1 - Reflected XSS Description: The Conditional Menus WordPress plugin before 1.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin CVSS: LOW (0.0) EPSS Score: 0.07% Source: CVE December 12th, 2024 (4 months ago)
CVE-2023-2527	Integration for Contact Form 7 and Zoho CRM, Bigin < 1.2.4 - Admin+ SQLi Description: The Integration for Contact Form 7 and Zoho CRM, Bigin WordPress plugin before 1.2.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin CVSS: LOW (0.0) EPSS Score: 0.05% Source: CVE December 12th, 2024 (4 months ago)
CVE-2023-2399	qubotchat < 1.1.6 - Unauthenticated Stored XSS Description: The QuBot WordPress plugin before 1.1.6 doesn't filter user input on chat, leading to bad code inserted on it be reflected on the user dashboard. CVSS: LOW (0.0) EPSS Score: 0.07% Source: CVE December 12th, 2024 (4 months ago)