WordPress - CVE CyberSecurity Database News (Page 135)

Apr 7, 2023 XSS WordPress Exploit PHP PropertyHive

CVE-2023-29172 - Unauthenticated Reflected XSS in PropertyHive Plugin (<= 1.5.46) – Analysis, Exploit & Mitigation

--- If you’re running a WordPress site relying on the popular PropertyHive plugin to manage properties and listings, take a moment to check your

Apr 7, 2023 XSS WordPress Kiboko Labs Chained Quiz

CVE-2023-25027 - Authenticated (Admin+) Stored XSS in Kiboko Labs Chained Quiz Plugin <= 1.3.2.5—Exploit Details, Code Snippets & Secure Practice

--- Introduction If you use the Chained Quiz plugin by Kiboko Labs on your WordPress site, a severe security hole may put your users at

Apr 6, 2023 CSRF WordPress Exploit emrevona WP Fastest Cache

CVE-2023-1924 - Exploiting CSRF in WP Fastest Cache WordPress Plugin (v1.1.2 and Below) – Explanation, PoC, and Fix

--- Introduction WordPress is among the world’s most popular website platforms, and plugins like WP Fastest Cache are widely used to enhance performance. But

Mar 14, 2023 XSS WordPress Exploit Paul C. Schroeder IP Vault – WP Firewall

CVE-2022-47171 - Explaining the XSS Vulnerability in IP Vault – WP Firewall WordPress Plugin (<= 1.1)

In late 2022, security researchers uncovered a critical vulnerability in a popular WordPress firewall plugin: IP Vault – WP Firewall. Tracked as CVE-2022-47171, this bug affects

Mar 13, 2023 WordPress Exploit PHP iThemes BackupBuddy

CVE-2022-31474 - Critical Directory Traversal in iThemes BackupBuddy (v8.5.8. - v8.7.4.1) Exploited – How and Why

WordPress is the world’s most popular CMS, and its security plugins are supposed to protect rather than expose. However, in 2022, a severe flaw