Skip to main content

W4 Post List

4 CVEs product

Monthly

CVE-2023-27413 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS W4 Post List
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-1373 MEDIUM POC This Month

The W4 Post List WordPress plugin before 2.4.6 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS W4 Post List
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-1371 MEDIUM POC This Month

The W4 Post List WordPress plugin before 2.4.6 does not ensure that password protected posts can be accessed before displaying their content, which could allow any authenticated users to access them. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass W4 Post List
NVD WPScan
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-0374 MEDIUM POC This Month

The W4 Post List WordPress plugin before 2.4.6 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS W4 Post List
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
EPSS 0% CVSS 5.4
MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS W4 Post List
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

The W4 Post List WordPress plugin before 2.4.6 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS W4 Post List
NVD WPScan
EPSS 1% CVSS 6.5
MEDIUM POC This Month

The W4 Post List WordPress plugin before 2.4.6 does not ensure that password protected posts can be accessed before displaying their content, which could allow any authenticated users to access them. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass W4 Post List
NVD WPScan
EPSS 0% CVSS 5.4
MEDIUM POC This Month

The W4 Post List WordPress plugin before 2.4.6 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS W4 Post List
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy