CVE-2023-23718 - Page Loading Effects <= 2.0.0 Admin+ Stored Cross-Site Scripting
The plugin does not escape the user input, which could allow high-privileged users to perform Cross-Site Scripting attacks.
The plugin does not escape the user input, which could allow high-privileged users to perform Cross-Site Scripting attacks.
WordPress Coming Soon by Supsystic Plugin <= 1.7.10 is vulnerable to Cross Site Request Forgery (CSRF)
There is SQL Injection vulnerability at Bang Resto 1.0.
Unauthenticated user able to add admin account due to missing CSRF protection at Helmet Store Showroom v1.0.