13 matches found
WordPress EventON < 4.5.5 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Erwan LR WPScan in WordPress Plugin EventON versions < 4.5.5...
WordPress EventON < 4.5.5 - Unauthenticated Email Address Disclosure vulnerability
Unauthenticated Email Address Disclosure vulnerability discovered by Erwan LR WPScan in WordPress Plugin EventON versions < 4.5.5...
WordPress Ditty plugin 3.1.39-3.1.45 - Author+ Stored XSS vulnerability
Author+ Stored XSS vulnerability discovered by Erwan LR WPScan in WordPress Plugin Ditty versions 3.1.39-3.1.45...
WordPress Easy Digital Downloads Google Sheet Connector plugin <= 1.6.6 - Cross-Site Request Forgery to Access Code Update vulnerability
Cross-Site Request Forgery to Access Code Update vulnerability discovered by Erwan LR in WordPress Plugin Google Sheet Connector for Easy Digital Downloads versions <= 1.6.5...
WordPress Edd Google Sheet Connector Pro plugin < 1.4 - Cross-Site Request Forgery to Access Code Update vulnerability
Cross-Site Request Forgery to Access Code Update vulnerability discovered by Erwan LR in WordPress Plugin Edd Google Sheet Connector Pro versions < 1.4...
WordPress NextGEN Gallery plugin < 3.59.9 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Erwan LR WPScan in WordPress Plugin NextGEN Gallery versions < 3.59.9...
WordPress Float menu plugin < 6.0.1 - Menu Deletion via CSRF vulnerability
Menu Deletion via CSRF vulnerability discovered by Erwan LR WPScan in WordPress Plugin Float menu versions < 6.0.1...
WordPress WooCommerce Customers Manager plugin < 29.8 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Erwan LR WPScan in WordPress Plugin WooCommerce Customers Manager versions < 29.8...
WordPress WooCommerce Product Filter plugin < 1.4.4 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Erwan LR WPScan in WordPress Plugin Themify – WooCommerce Product Filter versions < 1.4.4...
WordPress WooCommerce Product Filter plugin < 1.4.4 - Filter Deletion via CSRF vulnerability
Filter Deletion via CSRF vulnerability discovered by Erwan LR WPScan in WordPress Plugin Themify – WooCommerce Product Filter versions < 1.4.4...
WordPress Caldera Forms Google Sheets Connector Plugin <= 1.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Caldera Forms Google Sheets Connector; Type: Plugin; Vulnerable versions: <= 1.2; Fixed in: 1.3; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-2330; Patch priority: Low; CVSS severity: Low (5.4); PSID: 989c25f04825; Credits...
WordPress ChatBot Plugin <= 4.4.6 is vulnerable to PHP Object Injection
Software: ChatBot; Type: Plugin; Vulnerable versions: <= 4.4.6; Fixed in: 4.4.7; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2023-1650; Patch priority: High; CVSS severity: High (5.4); PSID: 84bd0e4874e7; Credits: Erwan LR; Required privilege: Unauthenticated...
WordPress Realia plugin <= 1.4 - Unauthenticated IDOR leading to Arbitrary Post Deletion vulnerability
Unauthenticated IDOR leading to Arbitrary Post Deletion vulnerability found by Vlad Vector, Erwan LR in WordPress Realia plugin versions <= 1.4. Solution 2020-12-03 - no patched version available, only note from WordPress plugin repository "This plugin has been closed as of August 14, 2020 and is...