CVE-2023-33312: WordPress Easy Captcha Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wppal Easy Captcha plugin <= 1.0 versions.
Published Jul 18, 2023 · Updated Apr 28, 2026
Browse CVE records published in July 2023, with severity, affected products, CWE, KEV, and source-backed vulnerability context.
Showing 50 of 2181 matching CVEs · Page 3 of 44.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wppal Easy Captcha plugin <= 1.0 versions.
Published Jul 18, 2023 · Updated Apr 28, 2026
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CRUDLab Jazz Popups plugin <= 1.8.7 versions.
Published Jul 18, 2023 · Updated Apr 28, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Mark Tilly MyCurator Content Curation plugin <= 3.74 versions.
Published Jul 11, 2023 · Updated Apr 28, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Ultimate Member plugin <= 2.6.0 versions.
Published Jul 17, 2023 · Updated Apr 28, 2026
Auth. (admin+) SQL Injection (SQLi) vulnerability in David F. Carr RSVPMaker plugin < 10.5.5 versions.
Published Jul 10, 2023 · Updated Apr 28, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Keith Solomon Configurable Tag Cloud (CTC) plugin <= 5.2 versions.
Published Jul 10, 2023 · Updated Apr 28, 2026
Cross-Site Request Forgery (CSRF) vulnerability in weDevs Happy Addons for Elementor plugin <= 3.8.2 versions.
Published Jul 10, 2023 · Updated Apr 28, 2026
Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager plugin <= 2.9.20 versions.
Published Jul 10, 2023 · Updated Apr 28, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Sajjad Hossain WP Reroute Email plugin <= 1.4.6 versions.
Published Jul 17, 2023 · Updated Apr 28, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Korol Yuriy aka Shra Inactive User Deleter plugin <= 1.59 versions.
Published Jul 17, 2023 · Updated Apr 28, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Pagup WordPress Robots.Txt optimization plugin <= 1.4.5 versions.
Published Jul 11, 2023 · Updated Apr 28, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade PixTypes plugin <= 1.4.14 versions.
Published Jul 11, 2023 · Updated Apr 28, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Mike Martel WP Tiles plugin <= 1.1.2 versions.
Published Jul 18, 2023 · Updated Apr 28, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Jason Rouet Weather Station plugin <= 3.8.12 versions.
Published Jul 10, 2023 · Updated Apr 28, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Reservation.Studio Reservation.Studio widget plugin <= 1.0.11 versions.
Published Jul 11, 2023 · Updated Apr 28, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Miro Mannino Flickr Justified Gallery plugin <= 3.5 versions.
Published Jul 18, 2023 · Updated Apr 28, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Vladimir Prelovac Smart YouTube PRO plugin <= 4.3 versions.
Published Jul 18, 2023 · Updated Apr 28, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator – easily Button Builder plugin <= 2.3.5 versions.
Published Jul 11, 2023 · Updated Apr 28, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Denishua Comment Reply Notification plugin <= 1.4 versions.
Published Jul 11, 2023 · Updated Apr 28, 2026
Cross-Site Request Forgery (CSRF) vulnerability in akhlesh-nagar, a.Ankit Social Media Icons Widget plugin <= 1.6 versions.
Published Jul 18, 2023 · Updated Apr 28, 2026
Cross-Site Request Forgery (CSRF) vulnerability in WP Engine PHP Compatibility Checker plugin <= 1.5.2 versions.
Published Jul 11, 2023 · Updated Apr 28, 2026
Cross-Site Request Forgery (CSRF) vulnerability in tiggersWelt.Net Worthy plugin <= 1.6.5-6497609 versions.
Published Jul 11, 2023 · Updated Apr 28, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on plugin <= 1.9.3 versions.
Published Jul 10, 2023 · Updated Apr 28, 2026
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WeSecur Security plugin <= 1.2.1 versions.
Published Jul 18, 2023 · Updated Apr 28, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Contact Form 7 Redirect & Thank You Page plugin <= 1.0.3 versions.
Published Jul 10, 2023 · Updated Apr 28, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Dave Jesch Database Collation Fix plugin <= 1.2.7 versions.
Published Jul 11, 2023 · Updated Apr 28, 2026
Cross-Site Request Forgery (CSRF) vulnerability in LionScripts.Com LionScripts: IP Blocker Lite plugin <= 11.1.1 versions.
Published Jul 10, 2023 · Updated Apr 28, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Ozette Plugins Simple Mobile URL Redirect plugin <= 1.7.2 versions.
Published Jul 10, 2023 · Updated Apr 28, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google XML Sitemap for Mobile plugin <= 1.6.1 versions.
Published Jul 10, 2023 · Updated Apr 28, 2026
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Steven Henty Drop Shadow Boxes plugin <= 1.7.10 versions.
Published Jul 25, 2023 · Updated Apr 28, 2026
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Feed plugin <= 1.2.7 versions.
Published Jul 10, 2023 · Updated Apr 28, 2026
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes JustTables plugin <= 1.4.9 versions.
Published Jul 11, 2023 · Updated Apr 28, 2026
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Swatchly plugin <= 1.2.0 versions.
Published Jul 11, 2023 · Updated Apr 28, 2026
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Menu plugin <= 1.2.1 versions.
Published Jul 11, 2023 · Updated Apr 28, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce Redirect Manager plugin <= 1.0.9 versions.
Published Jul 10, 2023 · Updated Apr 28, 2026
Cross-Site Request Forgery (CSRF) vulnerability in HasTheme WishSuite plugin <= 1.3.3 versions.
Published Jul 11, 2023 · Updated Apr 28, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Premmerce plugin <= 1.3.17 versions.
Published Jul 17, 2023 · Updated Apr 28, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Comments Ratings plugin <= 1.1.6 versions.
Published Jul 11, 2023 · Updated Apr 28, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Muneeb Layer Slider plugin <= 1.1.9.7 versions.
Published Jul 11, 2023 · Updated Apr 28, 2026
Auth. (subscriber+) SQL Injection (SQLi) vulnerability in MainWP MainWP Maintenance Extension plugin <= 4.1.1 versions.
Published Jul 18, 2023 · Updated Apr 28, 2026
Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Album Gallery – WordPress Gallery plugin <= 1.4.9 versions.
Published Jul 17, 2023 · Updated Apr 28, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Arian Khosravi, Norik Davtian BigContact Contact Page plugin <= 1.5.8 versions.
Published Jul 10, 2023 · Updated Apr 28, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Hiroaki Miyashita Custom Field Template plugin <= 2.5.8 versions.
Published Jul 10, 2023 · Updated Apr 28, 2026
Cross-Site Request Forgery (CSRF) vulnerability in MageNet Website Monetization by MageNet plugin <= 1.0.29.1 versions.
Published Jul 10, 2023 · Updated Apr 28, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Mr.Vibe vSlider Multi Image Slider for WordPress plugin <= 4.1.2 versions.
Published Jul 17, 2023 · Updated Apr 28, 2026
The Gallery Metabox for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gallery_remove function in versions up to, and including, 1.5. This makes it possible for subscriber-level attackers to modify galleries attached to posts and pages with this plugin.
Published Jul 12, 2023 · Updated Apr 8, 2026
The FluentSMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published Jul 12, 2023 · Updated Apr 8, 2026
The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file downloads in versions up to, and including, 4.6.6. This makes it possible for unauthenticated attackers to download the contents of arbitrary files on the server, which can contain sensitive information. The requires the premium version of the plugin to be activated. NOTE: This vulnerability was partially patched in version 4.6.5 and fully patched in version 4.6.9.
Published Jul 21, 2023 · Updated Apr 8, 2026
The WP Mail Logging plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 1.11.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: An incomplete fix was released in 1.11.1.
Published Jul 12, 2023 · Updated Apr 8, 2026
The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.6 due to insufficient sanitization and escaping on the 'text value set via the bmc_post_reception action. This makes it possible for authenticated attackers, with subscriber-level permissions, and above to inject arbitrary web scripts into pages that execute whenever a victim accesses a page with the injected scripts.
Published Jul 14, 2023 · Updated Apr 8, 2026