WordPress Rest Routes – Custom Endpoints for WP REST API Plugin < 4.4.1 is vulnerable to Cross Site Scripting (XSS)

Software Rest Routes – Custom Endpoints for WP REST API Type Plugin Vulnerable versions 4.4.1 Fixed in 4.4.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 8d3ad1937efb Credits Raf...

WordPress Qyrr – simply and modern QR-Code creation Plugin < 1.5 is vulnerable to Cross Site Scripting (XSS)

Software Qyrr – simply and modern QR-Code creation Type Plugin Vulnerable versions 1.5 Fixed in 1.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Patrick Posner PSID b4effa18b733 Credits Rafie Muhamma...

WordPress Auto Mail - Abandoned Cart Recovery, Newsletter Builder & Marketing Automation for WooCommerce Plugin < 1.1.78 is vulnerable to Cross Site Scripting (XSS)

Software Auto Mail - Abandoned Cart Recovery, Newsletter Builder & Marketing Automation for WooCommerce Type Plugin Vulnerable versions 1.1.78 Fixed in 1.1.78 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1...

WordPress Custom Tabs for Products WooCommerce Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Software Custom Tabs for Products WooCommerce Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e95b47afb3cf Credits Rafie Muhamma...

WordPress AI Moderator for BuddyPress Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software AI Moderator for BuddyPress Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d7473268bed6 Credits Rafie Muhammad Patchstac...

WordPress WooCommerce EU VAT Assistant Plugin <= 2.0.43.230518 is vulnerable to Cross Site Scripting (XSS)

Software WooCommerce EU VAT Assistant Type Plugin Vulnerable versions = 2.0.43.230518 Fixed in 2.1.2.230718 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b78924498cc5 Credits Rafi...

WordPress Content Hubs Plugin <= 1.0.8 is vulnerable to Cross Site Scripting (XSS)

Software Content Hubs Type Plugin Vulnerable versions = 1.0.8 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 988f22d403da Credits Rafie Muhammad Patchstack Required...

WordPress WP Frontend Profile Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)

Software WP Frontend Profile Type Plugin Vulnerable versions = 1.3.0 Fixed in 1.3.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 90b628a038de Credits Rafie Muhammad Patchstack...

WordPress WordPress Dev Powers – ACF Color Coded Field Types Plugin Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software WordPress Dev Powers – ACF Color Coded Field Types Plugin Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2f5b5cda205c...

WordPress One Click Login Plugin <= 1.24.0 is vulnerable to Cross Site Scripting (XSS)

Software One Click Login Type Plugin Vulnerable versions = 1.24.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2aa3a0f8b2a9 Credits Rafie Muhammad Patchstack Require...

WordPress Premmerce Product Search for WooCommerce Plugin <= 2.2.3 is vulnerable to Cross Site Scripting (XSS)

Software Premmerce Product Search for WooCommerce Type Plugin Vulnerable versions = 2.2.3 Fixed in 2.2.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Premmerce PSID df89cf768ffd Credits Rafie Muhamma...

WordPress WooCommerce Variation Swatches for Products Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)

Software WooCommerce Variation Swatches for Products Type Plugin Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2750602126f2 Credits Rafie...

WordPress ClickerVolt – Affiliate Links & Click Tracking for Performance Marketers Plugin <= 1.169 is vulnerable to Cross Site Scripting (XSS)

Software ClickerVolt – Affiliate Links & Click Tracking for Performance Marketers Type Plugin Vulnerable versions = 1.169 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSI...

WordPress DIVI Maker – Create your own DIVI Modules Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)

Software DIVI Maker – Create your own DIVI Modules Type Plugin Vulnerable versions = 1.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c8935540b0df Credits Rafie...

WordPress Woo Ukrposhta Plugin <= 1.6.18 is vulnerable to Cross Site Scripting (XSS)

Software Woo Ukrposhta Type Plugin Vulnerable versions = 1.6.18 Fixed in 1.17.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID de1e22b9d945 Credits Rafie Muhammad Patchstack Requir...

WordPress Bulk Edit Easy Digital Downloads – Fast Bulk Creator Plugin < 1.0.62 is vulnerable to Cross Site Scripting (XSS)

Software Bulk Edit Easy Digital Downloads – Fast Bulk Creator Type Plugin Vulnerable versions 1.0.62 Fixed in 1.0.62 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 9f06b59d7222...

WordPress Simple Sponsorships Plugin <= 1.8.1 is vulnerable to Cross Site Scripting (XSS)

Software Simple Sponsorships Type Plugin Vulnerable versions = 1.8.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b240f816b732 Credits Rafie Muhammad Patchstack...

WordPress Local SEO For Divi & Gutenberg Blocks Plugin < 9.2.1 is vulnerable to Cross Site Scripting (XSS)

Software Local SEO For Divi & Gutenberg Blocks Type Plugin Vulnerable versions 9.2.1 Fixed in 9.2.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 9be3b701dbe0 Credits Rafie Muhamm...

WordPress Events Addon for Elementor Plugin < 2.0.3 is vulnerable to Cross Site Scripting (XSS)

Software Events Addon for Elementor Type Plugin Vulnerable versions 2.0.3 Fixed in 2.0.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2ee0a2921c21 Credits Rafie Muhammad Patchsta...

WordPress Independent Analytics - Google Analytics Alternative for WordPress Plugin < 1.26.0 is vulnerable to Cross Site Scripting (XSS)

Software Independent Analytics - Google Analytics Alternative for WordPress Type Plugin Vulnerable versions 1.26.0 Fixed in 1.26.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID...