# [CVE] All the CVEs I own
:::info
:bulb: Welcome to my CVE (Common Vulnerabilities and Exposures) repository! Below is a list of vulnerabilities that I have discovered and reported, along with their respective CVE identifiers.
:::
Blogs about my CVEs:
**Wordfence**
1. https://www.wordfence.com/blog/2023/09/wordfence-intelligence-weekly-wordpress-vulnerability-report-september-4-2023-to-september-10-2023/
2. https://www.wordfence.com/blog/2023/10/wordfence-intelligence-weekly-wordpress-vulnerability-report-september-25-2023-to-october-1-2023/
3. https://www.wordfence.com/blog/2023/11/wordfence-intelligence-weekly-wordpress-vulnerability-report-october-30-2023-to-november-5-2023/
4. https://www.wordfence.com/blog/2023/11/wordfence-intelligence-weekly-wordpress-vulnerability-report-november-13-2023-to-november-19-2023/
5. https://www.wordfence.com/blog/2023/11/wordfence-intelligence-weekly-wordpress-vulnerability-report-november-20-2023-to-november-26-2023/
6. https://www.wordfence.com/blog/2023/12/wordfence-intelligence-weekly-wordpress-vulnerability-report-november-27-2023-to-december-3-2023/
7. https://www.wordfence.com/blog/2023/12/wordfence-intelligence-weekly-wordpress-vulnerability-report-december-4-2023-to-december-10-2023/
8. https://www.wordfence.com/blog/2024/01/wordfence-intelligence-weekly-wordpress-vulnerability-report-december-18-2023-to-december-31-2023/
9. https://www.wordfence.com/blog/2024/01/wordfence-intelligence-weekly-wordpress-vulnerability-report-january-1-2024-to-january-7-2024/
10. https://www.wordfence.com/blog/2024/01/wordfence-intelligence-weekly-wordpress-vulnerability-report-january-8-2024-to-january-14-2024/
11. https://www.wordfence.com/blog/2024/01/wordfence-intelligence-weekly-wordpress-vulnerability-report-january-15-2024-to-january-21-2024/
12. https://www.wordfence.com/blog/2024/02/wordfence-intelligence-weekly-wordpress-vulnerability-report-january-29-2024-to-february-4-2024/
**Patchstack**
1. https://patchstack.com/articles/patchstack-alliance-bounty-program-events-for-december/
## :feet: List of CVEs
:::success
[@ancorn_](https://twitter.com/ancorn_)
:::
:::warning
All CVEs are assigned to products with a minimum of 1000 users
:::
### [CVE-2024-24842](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/echo-knowledge-base/knowledge-base-for-documentation-faqs-with-ai-assistance-11302-unauthenticated-php-object-injection-in-is-article-recently-viewed)
**Description**: The Knowledge Base for Documentation, FAQs with AI Assistance plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 11.30.2 via deserialization of untrusted input in the is_article_recently_viewed function. This makes it possible for unauthenticated attackers to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
**POC**: https://hackmd.io/@ancorn/CVE-2024-24842
**Affected Software/Platform**: WordPress Plugin
:::danger
**CVSS**: 9.8
:::
---
### [CVE-2024-3018](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-5913-authenticated-author-php-object-injection-via-error-resetpassword)
**Description**: The Essential Addons for Elementor plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.9.13 via deserialization of untrusted input from the 'error_resetpassword' attribute of the "Login | Register Form" widget (disabled by default). This makes it possible for authenticated attackers, with author-level access and above, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
**Affected Software/Platform**: WordPress Plugin
:::danger
**CVSS**: 8.8
:::
---
### [CVE-2023-50841](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/bookingpress-appointment-booking/bookingpress-1072-authenticated-contributor-sql-injection)
**Description**: WordPress BookingPress Plugin <= 1.0.72 is vulnerable to SQL Injection
**Affected Software/Platform**: WordPress Plugin
:::danger
**CVSS**: 8.8
:::
---
### [CVE-2023-52204](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/randomize/randomize-143-authenticated-contributor-sql-injection)
**Description**: Randomize <= 1.4.3 - Authenticated (Contributor+) SQL Injection
**Affected Software/Platform**: WordPress Plugin
:::danger
**CVSS**: 8.8
:::
---
### [CVE-2023-50840](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/booking-manager/booking-manager-215-authenticatedcontributor-sql-injection-via-shortcode)
**Description**: WordPress Booking Manager Plugin <= 2.1.5 is vulnerable to SQL Injection
**Affected Software/Platform**: WordPress Plugin
:::danger
**CVSS**: 8.8
:::
---
### [CVE-2024-24796](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/mage-eventpress/event-manager-and-tickets-selling-plugin-for-woocommerce-wpevently-411-authenticated-contributor-php-object-injection-in-mep-event-meta-save)
**Description**: WordPress Event Manager for WooCommerce Plugin <= 4.1.1 is vulnerable to PHP Object Injection
**Affected Software/Platform**: WordPress Plugin
:::danger
**CVSS**: 8.8
:::
---
### [CVE-2023-4308](https://wpscan.com/vulnerability/d5b95156-eda4-4bd4-bd56-81672f345700/)
**Description**: The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user-submitted-content’ parameter in versions up to, and including, 20230809 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
**Affected Software/Platform**: WordPress Plugin
:::danger
**CVSS**: 8.3
:::
---
### [CVE-2023-51513](https://patchstack.com/database/vulnerability/cf-geoplugin/wordpress-geo-controller-plugin-8-5-2-cross-site-scripting-xss-vulnerability)
**Description**: WordPress Geo Controller Plugin <= 8.5.2 is vulnerable to Cross Site Scripting (XSS)
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### [CVE-2023-51506](https://patchstack.com/database/vulnerability/currency-switcher/wordpress-wpcs-plugin-1-2-0-cross-site-scripting-xss-vulnerability)
**Description**: WordPress WPCS Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS)
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### [CVE-2023-51504](https://patchstack.com/database/vulnerability/dans-gcal/wordpress-dan-s-embedder-for-google-calendar-plugin-1-2-cross-site-scripting-xss-vulnerability)
**Description**: WordPress Dan's Embedder for Google Calendar Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### [CVE-2023-51493](https://patchstack.com/database/vulnerability/dd-post-carousel/wordpress-custom-post-carousels-with-owl-plugin-1-4-6-cross-site-scripting-xss-vulnerability)
**Description**: WordPress Custom Post Carousels with Owl Plugin <= 1.4.6 is vulnerable to Cross Site Scripting (XSS)
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### [CVE-2023-51399](https://patchstack.com/database/vulnerability/back-button-widget/wordpress-back-button-widget-plugin-1-6-3-cross-site-scripting-xss-vulnerability)
**Description**: WordPress Back Button Widget Plugin <= 1.6.3 is vulnerable to Cross Site Scripting (XSS)
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### [CVE-2023-50881](https://patchstack.com/database/vulnerability/advanced-access-manager/wordpress-advanced-access-manager-plugin-6-9-15-cross-site-scripting-xss-vulnerability)
**Description**: WordPress Advanced Access Manager Plugin <= 6.9.15 is vulnerable to Cross Site Scripting (XSS)
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### [CVE-2023-50874](https://patchstack.com/database/vulnerability/ajax-load-more/wordpress-ajax-load-more-plugin-6-1-0-1-cross-site-scripting-xss-vulnerability)
**Description**: WordPress Ajax Load More Plugin <= 6.1.0.1 is vulnerable to Cross Site Scripting (XSS)
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### [CVE-2023-50860](https://patchstack.com/database/vulnerability/ameliabooking/wordpress-amelia-plugin-1-0-85-cross-site-scripting-xss-vulnerability)
**Description**: WordPress Amelia Plugin <= 1.0.85 is vulnerable to Cross Site Scripting (XSS)
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### CVE-2023-6995
**Description**: Popup Builder – Create highly converting, mobile friendly marketing popups. (<= 4.2.5) - XSS
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### [CVE-2023-6994](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/list-category-posts/list-category-posts-0893-authenticated-contributor-stored-cross-site-scripting-via-shortcode)
**Description**: List category posts <= 0.89.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### [CVE-2023-6808](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/ameliabooking/booking-for-appointments-and-events-calendar-amelia-1093-authenticatedcontributor-stored-cross-site-scripting-via-shortcode)
**Description**: Booking for Appointments and Events Calendar – Amelia <= 1.0.93 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### [CVE-2023-6986](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/embedpress/embedpress-embed-pdf-youtube-google-docs-vimeo-wistia-videos-audios-maps-any-documents-in-gutenberg-elementor-395-authenticated-contributor-stored-cross-site-scripting-via-shortcode)
**Description**: EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor <= 3.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### [CVE-2023-50823](https://patchstack.com/database/vulnerability/css-javascript-toolbox/wordpress-css-javascript-toolbox-plugin-11-7-cross-site-scripting-xss-vulnerability)
**Description**: WordPress CSS & JavaScript Toolbox Plugin <= 11.8 is vulnerable to Cross Site Scripting (XSS)
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### [CVE-2023-50822](https://patchstack.com/database/vulnerability/currency-converter-widget/wordpress-currency-converter-widget-plugin-3-0-2-cross-site-scripting-xss-vulnerability)
**Description**: WordPress Currency Converter Widget Plugin <= 3.0.2 is vulnerable to Cross Site Scripting (XSS)
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### [CVE-2023-6782](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/accelerated-mobile-pages/amp-for-wp-accelerated-mobile-pages-1092-authenticated-contributor-cross-site-scripting-via-shortcode)
**Description**: AMP for WP – Accelerated Mobile Pages <= 1.0.92 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### [CVE-2023-50369](https://patchstack.com/database/vulnerability/alma-gateway-for-woocommerce/wordpress-alma-plugin-5-1-3-cross-site-scripting-xss-vulnerability)
**Description**: WordPress Alma – Pay in installments or later for WooCommerce Plugin <= 5.1.3 is vulnerable to Cross Site Scripting (XSS)
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### [CVE-2023-50368](https://patchstack.com/database/vulnerability/auxin-elements/wordpress-shortcodes-and-extra-features-for-phlox-theme-plugin-2-15-2-cross-site-scripting-xss-vulnerability)
**Description**: WordPress Shortcodes and extra features for Phlox theme Plugin <= 2.15.4 is vulnerable to Cross Site Scripting (XSS)
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### [CVE-2023-49846](https://patchstack.com/database/vulnerability/author-avatars/wordpress-author-avatars-list-block-plugin-2-1-16-cross-site-scripting-xss-vulnerability)
**Description**: WordPress Author Avatars List/Block Plugin <= 2.1.16 is vulnerable to Cross Site Scripting (XSS)
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### [CVE-2023-49823](https://patchstack.com/database/vulnerability/bold-page-builder/wordpress-bold-page-builder-plugin-4-6-1-cross-site-scripting-xss-vulnerability)
**Description**: WordPress Bold Page Builder Plugin <= 4.6.1 is vulnerable to Cross Site Scripting (XSS)
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### [CVE-2023-49173](https://patchstack.com/database/vulnerability/10to8-online-booking/wordpress-10to8-online-appointment-booking-system-plugin-1-0-9-cross-site-scripting-xss-vulnerability)
**Description**: WordPress 10to8 Online Appointment Booking System Plugin <= 1.0.9 is vulnerable to Cross Site Scripting (XSS)
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### [CVE-2023-49169](https://patchstack.com/database/vulnerability/ads-by-datafeedrcom/wordpress-ads-by-datafeedr-com-plugin-1-2-0-cross-site-scripting-xss-vulnerability)
**Description**: WordPress Ads by datafeedr.com Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS)
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### [CVE-2023-49152](https://patchstack.com/database/vulnerability/credit-tracker/wordpress-credit-tracker-plugin-1-1-17-cross-site-scripting-xss-vulnerability)
**Description**: WordPress Credit Tracker Plugin <= 1.1.17 is vulnerable to Cross Site Scripting (XSS)
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### [CVE-2023-49150](https://patchstack.com/database/vulnerability/crypto-converter-widget/wordpress-crypto-converter-widget-plugin-1-8-1-cross-site-scripting-xss-vulnerability)
**Description**: WordPress Crypto Converter Widget Plugin <= 1.8.1 is vulnerable to Cross Site Scripting (XSS)
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### [CVE-2023-49149](https://patchstack.com/database/vulnerability/currency-converter-calculator/wordpress-currency-converter-calculator-plugin-1-3-1-cross-site-scripting-xss-vulnerability)
**Description**: WordPress Currency Converter Calculator Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### [CVE-2023-48336](https://patchstack.com/database/vulnerability/easy-social-icons/wordpress-easy-social-icons-plugin-3-2-4-cross-site-scripting-xss-vulnerability)
**Description**: WordPress Easy Social Icons Plugin <= 3.2.4 is vulnerable to Cross Site Scripting (XSS)
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### [CVE-2023-48321](https://patchstack.com/database/vulnerability/accelerated-mobile-pages/wordpress-amp-for-wp-accelerated-mobile-pages-plugin-1-0-88-1-cross-site-scripting-xss-vulnerability)
**Description**: WordPress Accelerated Mobile Pages Plugin <= 1.0.88.1 is vulnerable to Cross Site Scripting (XSS)
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### [CVE-2023-47851](https://patchstack.com/database/vulnerability/bs-shortcode-ultimate/wordpress-bootstrap-shortcodes-ultimate-plugin-4-3-1-cross-site-scripting-xss-vulnerability)
**Description**: Cross Site Scripting (XSS) in Bootstrap Shortcodes Ultimate 4.3.1
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### [CVE-2023-47821](https://patchstack.com/database/vulnerability/email-encoder-bundle/wordpress-email-encoder-bundle-plugin-2-1-8-cross-site-scripting-xss-vulnerability)
**Description**: WordPress Email Encoder Bundle Plugin <= 2.1.8 is vulnerable to Cross Site Scripting (XSS)
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### [CVE-2023-47808](https://patchstack.com/database/vulnerability/add-widgets-to-page/wordpress-add-widgets-to-page-plugin-1-3-2-cross-site-scripting-xss-vulnerability)
**Description**: Cross Site Scripting (XSS) in Add Widgets to Page 1.3.2
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### [CVE-2023-47809](https://patchstack.com/database/vulnerability/accordions-wp/wordpress-accordion-plugin-2-6-cross-site-scripting-xss-vulnerability)
**Description**: WordPress Accordion Plugin <= 2.6 is vulnerable to Cross Site Scripting (XSS)
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### [CVE-2023-47810](https://patchstack.com/database/vulnerability/ajax-domain-checker/wordpress-ajax-domain-checker-plugin-1-3-0-cross-site-scripting-xss-vulnerability)
**Description**: WordPress Ajax Domain Checker Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### [CVE-2023-47811](https://patchstack.com/database/report-preview/b43da017-b094-4e63-94a8-6b1a8a9b6724)
**Description**: Cross Site Scripting (XSS) in Anywhere Flash Embed 1.0.5
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### [CVE-2023-47812](https://patchstack.com/database/vulnerability/bamboo-columns/wordpress-bamboo-columns-plugin-1-6-1-cross-site-scripting-xss-vulnerability)
**Description**: WordPress Bamboo Columns Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS)
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### [CVE-2023-47813](https://patchstack.com/database/vulnerability/better-rss-widget/wordpress-better-rss-widget-plugin-2-8-1-cross-site-scripting-xss-vulnerability)
**Description**: WordPress Better RSS Widget Plugin <= 2.8.1 is vulnerable to Cross Site Scripting (XSS)
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### [CVE-2023-47814](https://patchstack.com/database/vulnerability/bmi-calculator-shortcode/wordpress-bmi-calculator-plugin-plugin-1-0-3-cross-site-scripting-xss-vulnerability)
**Description**: WordPress BMI Calculator Plugin Plugin <= 1.0.3 is vulnerable to Cross Site Scripting (XSS)
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### [CVE-2023-47815](https://patchstack.com/database/vulnerability/bp-profile-shortcodes-extra/wordpress-bp-profile-shortcodes-extra-plugin-2-5-2-cross-site-scripting-xss-vulnerability)
**Description**: WordPress BP Profile Shortcodes Extra Plugin <= 2.5.2 is vulnerable to Cross Site Scripting (XSS)
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### [CVE-2023-47816](https://patchstack.com/database/vulnerability/charitable/wordpress-charitable-plugin-1-7-0-13-cross-site-scripting-xss-vulnerability)
**Description**: WordPress Charitable Plugin <= 1.7.0.13 is vulnerable to Cross Site Scripting (XSS)
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### [CVE-2023-47817](https://patchstack.com/database/vulnerability/daily-prayer-time-for-mosques/wordpress-daily-prayer-time-plugin-2023-10-13-cross-site-scripting-xss-vulnerability)
**Description**: WordPress Daily Prayer Time Plugin <= 2023.10.13 is vulnerable to Cross Site Scripting (XSS)
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### [CVE-2023-44143](https://patchstack.com/database/report-preview/175491fb-70e6-4477-8998-73d61bfcb618)
**Description**: WordPress Bamboo Columns Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS)
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### [CVE-2023-44145](https://patchstack.com/database/vulnerability/anchor-episodes-index/wordpress-anchor-episodes-index-spotify-for-podcasters-plugin-2-1-7-cross-site-scripting-xss-vulnerability)
**Description**: WordPress Anchor Episodes Index (Spotify for Podcasters) Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS)
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### [CVE-2023-44984](https://patchstack.com/database/vulnerability/bbp-style-pack/wordpress-bbp-style-pack-plugin-5-6-7-cross-site-scripting-xss-vulnerability)
**Description**: WordPress BuddyMeet Plugin <= 2.2.0 is vulnerable to Cross Site Scripting (XSS)
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### [CVE-2023-44985](https://patchstack.com/database/vulnerability/buddymeet/wordpress-buddymeet-plugin-2-2-0-cross-site-scripting-xss-vulnerability)
**Description**: WordPress BuddyMeet Plugin <= 2.2.0 is vulnerable to Cross Site Scripting (XSS)
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### [CVE-2023-46069](https://patchstack.com/database/vulnerability/ajax-archive-calendar/wordpress-ajax-archive-calendar-plugin-2-6-7-cross-site-scripting-xss-vulnerability-2)
**Description**: WordPress Ajax Archive Calendar Plugin <= 2.6.7 is vulnerable to Cross Site Scripting (XSS)
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### [CVE-2023-46613](https://patchstack.com/database/vulnerability/add-to-calendar-button/wordpress-add-to-calendar-button-plugin-1-5-1-cross-site-scripting-xss-vulnerability)
**Description**: WordPress Add to Calendar Button Plugin < 1.5.1 is vulnerable to Cross Site Scripting (XSS)
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### [CVE-2023-46782](https://patchstack.com/database/vulnerability/cmyee-momentopress/wordpress-momentopress-for-momento360-plugin-1-0-1-cross-site-scripting-xss-vulnerability)
**Description**: WordPress MomentoPress for Momento360 Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### [CVE-2023-47190](https://patchstack.com/database/vulnerability/apollo13-framework-extensions/wordpress-apollo13-framework-extensions-plugin-1-9-0-cross-site-scripting-xss-vulnerability)
**Description**: WordPress Apollo13 Framework Extensions Plugin <= 1.9.0 is vulnerable to Cross Site Scripting (XSS)
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### [CVE-2023-47239](https://patchstack.com/database/vulnerability/easy-paypal-shopping-cart/wordpress-easy-paypal-shopping-cart-plugin-1-1-10-cross-site-scripting-xss-vulnerability)
**Description**: WordPress Easy PayPal Shopping Cart Plugin <= 1.1.10 is vulnerable to Cross Site Scripting (XSS)
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### [CVE-2023-44242](https://patchstack.com/database/vulnerability/2j-slideshow/wordpress-slideshow-image-slider-by-2j-plugin-1-3-54-cross-site-scripting-xss-vulnerability)
**Description**: WordPress Images Slideshow by 2J Plugin <= 1.3.54 is vulnerable to Cross Site Scripting (XSS)
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### [CVE-2023-41696](https://patchstack.com/database/vulnerability/user-submitted-posts/wordpress-user-submitted-posts-plugin-20230901-cross-site-scripting-xss-vulnerability)
**Description**: Cross Site Scripting (XSS) vulnerability in WordPress User Submitted Posts Plugin
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.5
---
### [CVE-2023-4838](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/simple-download-counter/simple-download-counter-16-authenticated-contributor-stored-cross-site-scripting)
**Description**: Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.4
---
### [CVE-2023-4779](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/user-submitted-posts/user-submitted-posts-enable-users-to-submit-posts-from-the-front-end-20230811-authenticated-contributor-stored-cross-site-scripting-via-shortcode)
**Description**: User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [usp_gallery] shortcode
**Affected Software/Platform**: WordPress Plugin
**CVSS**: 6.4
---
## :feet: Conclusion
Maintaining a list of CVEs helps in tracking discovered vulnerabilities and contributes to improving cybersecurity. I'm committed to continuing my efforts in identifying and reporting vulnerabilities to enhance the security of digital systems.
Feel free to reach out for further details or collaboration opportunities related to these CVEs.