WordPress Order Export & Order Import for WooCommerce Plugin <= 2.4.3 is vulnerable to Arbitrary File Upload

Software Order Export & Order Import for WooCommerce Type Plugin Vulnerable versions = 2.4.3 Fixed in 2.4.4 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-22135 Patch priority Medium CVSS severity Medium 8 Developer Claim ownership PSID cc645a98d1b8 Credits Dateoljo ...

WordPress Contact Form 7 Connector Plugin <= 1.2.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Contact Form 7 Connector Type Plugin Vulnerable versions = 1.2.2 Fixed in 1.2.3 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 29ab020c5c41 Credits WordFence Required...

WordPress Word Replacer Pro Plugin <= 1.0 is vulnerable to Broken Access Control

Software Word Replacer Pro Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-52229 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 214b09832f8e Credits thiennv Required privilege...

WordPress Gecka Terms Thumbnails Plugin <= 1.1 is vulnerable to PHP Object Injection

Software Gecka Terms Thumbnails Type Plugin Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2023-52219 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 8f080ffeedc5 Credits Rafie Muhammad Patchstack Required...

WordPress WooCommerce Plugin <= 8.2.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software WooCommerce Type Plugin Vulnerable versions = 8.2.2 Fixed in 8.3.0 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-52222 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 176f4af4b60c Credits Rafie Muhammad Patchsta...

WordPress WooCommerce Tranzila Gateway Plugin <= 1.0.8 is vulnerable to PHP Object Injection

Software WooCommerce Tranzila Gateway Type Plugin Vulnerable versions = 1.0.8 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2023-52218 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 69111059637e Credits Rafie Muhammad Patchstack...

WordPress WP ERP Plugin <= 1.12.8 is vulnerable to SQL Injection

Software WP ERP Type Plugin Vulnerable versions = 1.12.8 Fixed in 1.12.9 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-21747 Patch priority Medium CVSS severity Medium 7.6 Developer Claim ownership PSID bff329846441 Credits Arvandy Required privilege Accounting Manager...

WordPress Taggbox Plugin <= 3.1 is vulnerable to PHP Object Injection

Software Taggbox Type Plugin Vulnerable versions = 3.1 Fixed in 3.2 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2023-52225 Patch priority High CVSS severity High 10 Developer Claim ownership PSID cec0f62daeea Credits Rafie Muhammad Patchstack Required privilege...

WordPress Booster Plus for WooCommerce Plugin < 7.1.2 is vulnerable to Sensitive Data Exposure

Software Booster Plus for WooCommerce Type Plugin Vulnerable versions 7.1.2 Fixed in 7.1.2 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2023-52231 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 68cd268b2b71 Credits Dave Jong...

WordPress Booster Elite for WooCommerce Plugin < 7.1.2 is vulnerable to Sensitive Data Exposure

Software Booster Elite for WooCommerce Type Plugin Vulnerable versions 7.1.2 Fixed in 7.1.2 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2023-52234 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 1cbd56a2d0a1 Credits Dave Jong...

WordPress Booster Plus for WooCommerce Plugin < 7.1.2 is vulnerable to Arbitrary Content Deletion

Software Booster Plus for WooCommerce Type Plugin Vulnerable versions 7.1.2 Fixed in 7.1.2 OWASP Top 10 A1: Broken Access Control Classification Arbitrary Content Deletion CVE CVE-2023-52232 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID c6f3c3864370 Credits Dave Jo...

WordPress WP 2FA Plugin <= 2.5.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP 2FA Type Plugin Vulnerable versions = 2.5.0 Fixed in 2.6.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-6520 Patch priority Low CVSS severity Low 4.3 Developer Melapress PSID 95117a5d7a1e Credits Ulyses Saicha Required privilege...

WordPress HTML5 MP3 Player with Folder Feedburner Plugin <= 2.8.0 is vulnerable to PHP Object Injection

Software HTML5 MP3 Player with Folder Feedburner Type Plugin Vulnerable versions = 2.8.0 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2023-52202 Patch priority High CVSS severity High 9.1 Developer Claim ownership PSID 379c769eaf42 Credits Rafie Muhammad...

WordPress Rate Star Review Plugin <= 1.5.1 is vulnerable to Cross Site Scripting (XSS)

Software Rate Star Review Type Plugin Vulnerable versions = 1.5.1 Fixed in 1.5.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-52213 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 73dc6c7e7398 Credits Kang SeoHee Required privilege...

WordPress ARMember Plugin <= 4.0.22 is vulnerable to Cross Site Request Forgery (CSRF)

Software ARMember Type Plugin Vulnerable versions = 4.0.22 Fixed in 4.0.23 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-52200 Patch priority Low CVSS severity Low 9.6 Developer Claim ownership PSID 7905097651fa Credits Rafie Muhammad Patchstac...

WordPress ARI Stream Quiz Plugin <= 1.3.0 is vulnerable to PHP Object Injection

Software ARI Stream Quiz Type Plugin Vulnerable versions = 1.3.0 Fixed in 1.3.1 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2023-52182 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID c9a4f35de1f1 Credits Rafie Muhammad Patchstack Required...

WordPress White Label Plugin <= 2.9.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software White Label Type Plugin Vulnerable versions = 2.9.0 Fixed in 2.9.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-52128 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 46d772e6a849 Credits Brandon Roldan Required...

WordPress YITH WooCommerce Product Add-Ons Plugin <= 4.3.0 is vulnerable to PHP Object Injection

Software YITH WooCommerce Product Add-Ons Type Plugin Vulnerable versions = 4.3.0 Fixed in 4.3.1 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2023-49777 Patch priority Medium CVSS severity Medium 9.1 Developer YITH PSID e13ee0c34e43 Credits Rafie Muhammad Patchstack...

WordPress GEO my WordPress Plugin <= 4.0.2 is vulnerable to SQL Injection

Software GEO my WordPress Type Plugin Vulnerable versions = 4.0.2 Fixed in 4.0.3 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-52134 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID fc0434c42d54 Credits Muhammad Daffa Required privilege Administrator...

WordPress TerraClassifieds Plugin <= 2.0.3 is vulnerable to Arbitrary File Upload

Software TerraClassifieds Type Plugin Vulnerable versions = 2.0.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2023-51473 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 027895de82c1 Credits Rafie Muhammad Patchstack Required...