Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total3
Critical0
High0
Medium3
Reset
Showing 1-3 of 3 records
Threat Entry Updated 2025-02-06

CVE-2023-1371 - W4 Post List Plugin

The W4 Post List WordPress plugin before 2.4.6 does not ensure that password protected posts can be accessed before displaying their content, which could allow any authenticated users to access them

PLUGIN W4 Post List

CVE-2023-1371

MEDIUM CVSS 6.5 2023-04-17
Open Full Technical Breakdown
Threat Entry Updated 2025-02-06

CVE-2023-1373 - W4 Post List Plugin

The W4 Post List WordPress plugin before 2.4.6 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting

PLUGIN W4 Post List

CVE-2023-1373

MEDIUM CVSS 6.1 2023-04-17
Open Full Technical Breakdown
Threat Entry Updated 2025-02-06

CVE-2023-0374 - W4 Post List Plugin

The W4 Post List WordPress plugin before 2.4.6 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN W4 Post List

CVE-2023-0374

MEDIUM CVSS 5.4 2023-04-17
Open Full Technical Breakdown
Scroll to top