
3802 matches found

Patchstack
added 2023/12/26 12:0 a.m. | 8 views

WordPress Ultimate Addons for Elementor Plugin <= 1.36.20 is vulnerable to Privilege Escalation

Software Ultimate Addons for Elementor Type Plugin Vulnerable versions = 1.36.20 Fixed in 1.36.21 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-50890 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID...

CVSS 8.8 | AI score 6.6 | EPSS 0.00547
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2023/12/26 12:0 a.m. | 9 views

WordPress WordPress.com Editing Toolkit Plugin <= 3.78784 is vulnerable to Cross Site Scripting (XSS)

Software WordPress.com Editing Toolkit Type Plugin Vulnerable versions = 3.78784 Fixed in 3.79153 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-50879 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b5ab907cd855 Credits Rafie Muhammad...

CVSS 6.5 | AI score 6.6 | EPSS 0.00321
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2023/12/26 12:0 a.m. | 19 views

WordPress Essential Blocks for Gutenberg Plugin <= 4.2.0 is vulnerable to Broken Access Control

Software Essential Blocks for Gutenberg Type Plugin Vulnerable versions = 4.2.0 Fixed in 4.2.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-51360 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID aa89b26b64fb Credits Rafie Muhamm...

AI score 6.6 | EPSS 0.00561
Exploits 0 | References 2 | Affected Software 1
OpenVAS
added 2023/12/22 12:0 a.m. | 13 views

WordPress WP Retina 2x Plugin < 6.4.6 Information Disclosure Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:meowapps:wpretina2x"; ifdescription...

CVSS 7.5 | AI score 7 | EPSS 0.01437
Exploits 0 | References 1
Patchstack
added 2023/12/21 12:0 a.m. | 11 views

WordPress Uncode Core Plugin <= 2.8.8 is vulnerable to Arbitrary File Deletion

Software Uncode Core Type Plugin Vulnerable versions = 2.8.8 Fixed in 2.8.9 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2023-51500 Patch priority High CVSS severity High 7.7 Developer Claim ownership PSID db4f1f58fbde Credits Rafie Muhammad Patchstack...

CVSS 7.7 | AI score 6.5 | EPSS 0.00472
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2023/12/21 12:0 a.m. | 10 views

WordPress WP Mail Catcher Plugin <= 2.1.3 is vulnerable to SQL Injection

Software WP Mail Catcher Type Plugin Vulnerable versions = 2.1.3 Fixed in 2.1.4 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-50844 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 8506292c33f5 Credits Muhammad Daffa Required privilege Administrator...

CVSS 7.6 | AI score 6.8 | EPSS 0.00534
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2023/12/21 12:0 a.m. | 9 views

WordPress Uncode Core Plugin <= 2.8.8 is vulnerable to Privilege Escalation

Software Uncode Core Type Plugin Vulnerable versions = 2.8.8 Fixed in 2.8.9 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-51515 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID cbf9fea3f077 Credits Rafie...

CVSS 8.8 | AI score 6.5 | EPSS 0.00551
Exploits 0 | References 1 | Affected Software 1
OpenVAS
added 2023/12/21 12:0 a.m. | 12 views

WordPress Ocean Extra Plugin < 2.2.3 CSRF Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:oceanwp:oceanextra"; if description...

CVSS 8.8 | AI score 7 | EPSS 0.00286
Exploits 0 | References 1
OpenVAS
added 2023/12/20 12:0 a.m. | 17 views

WordPress Spectra - WordPress Gutenberg Blocks Plugin < 2.7.10 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:brainstormforce:spectra"; ifdescription...

CVSS 6.5 | AI score 7 | EPSS 0.0056
Exploits 0 | References 1
Patchstack
added 2023/12/19 12:0 a.m. | 12 views

WordPress CURCY Plugin <= 2.2.0.1 is vulnerable to Cross Site Scripting (XSS)

Software CURCY Type Plugin Vulnerable versions = 2.2.0.1 Fixed in 2.2.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-50831 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5702a980d547 Credits LVT-tholv2k Required privilege Contributor...

CVSS 6.5 | AI score 6.6 | EPSS 0.00517
Exploits 1 | References 2 | Affected Software 1
Patchstack
added 2023/12/18 12:0 a.m. | 9 views

WordPress WP Go Maps Plugin < 9.0.28 is vulnerable to Cross Site Scripting (XSS)

Software WP Go Maps Type Plugin Vulnerable versions 9.0.28 Fixed in 9.0.28 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6627 Patch priority Medium CVSS severity Medium 7.1 Developer WP Go Maps PSID 5fe45794e92f Credits Marc Montpas Required...

CVSS 6.1 | AI score 5.6 | EPSS 0.00619
Exploits 2 | References 4 | Affected Software 1
Patchstack
added 2023/12/15 12:0 a.m. | 14 views

WordPress GG Woo Feed for WooCommerce Plugin <= 1.2.4 is vulnerable to Broken Access Control

Software GG Woo Feed for WooCommerce Type Plugin Vulnerable versions = 1.2.4 Fixed in 1.2.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-6638 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 2cec2849f3e7 Credits István Márto...

CVSS 6.5 | AI score 6.5 | EPSS 0.00541
Exploits 0 | References 3 | Affected Software 1
OpenVAS
added 2023/12/12 12:0 a.m. | 11 views

WordPress SpeedyCache Plugin < 1.1.3 SSRF Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:softaculous:speedycache"; if description...

CVSS 4.9 | AI score 7 | EPSS 0.00324
Exploits 0 | References 1
The Hacker News
added 2023/12/08 9:23 a.m. | 47 views

WordPress Releases Update 6.4.2 to Address Critical Remote Attack Vulnerability

WordPress has released version 6.4.2 with a patch for a critical security flaw that could be exploited by threat actors by combining it with another bug to execute arbitrary PHP code on vulnerable sites. "A remote code execution vulnerability that is not directly exploitable in core; however, the...

AI score 8.7
Exploits 0
Patchstack
added 2023/12/06 12:0 a.m. | 11 views

WordPress Shortcoder Plugin <= 6.3 is vulnerable to Broken Access Control

Software Shortcoder Type Plugin Vulnerable versions = 6.3 Fixed in 6.3.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-49849 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID f8adf2be0194 Credits Abdi Pranata Required privileg...

AI score 6.5 | EPSS 0.00397
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2023/12/06 12:0 a.m. | 10 views

WordPress Cosmetsy Core Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)

Software Cosmetsy Core Type Plugin Vulnerable versions = 1.3.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49839 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 77a58ba376e1 Credits RE-ALTER Required privilege...

CVSS 7.1 | AI score 6.8 | EPSS 0.00465
Exploits 0 | References 1 | Affected Software 1
OpenVAS
added 2023/12/06 12:0 a.m. | 28 views

WordPress Essential Addons for Elementor Pro Plugin < 5.4.9 CSRF Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpdeveloper:essentialaddonsforelementor"; if description...

CVSS 8.8 | AI score 7 | EPSS 0.00271
Exploits 0 | References 1
Patchstack
added 2023/12/05 12:0 a.m. | 17 views

WordPress WappPress Plugin <= 5.0.3 is vulnerable to Arbitrary File Upload

Software WappPress Type Plugin Vulnerable versions = 5.0.3 Fixed in 6.0.0 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2023-49815 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 7f1643a48293 Credits Rafie Muhammad Patchstack Required privilege...

CVSS 10 | AI score 6.8 | EPSS 0.0063
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2023/12/05 12:0 a.m. | 11 views

WordPress Genesis Simple Love Plugin <= 2.0 is vulnerable to PHP Object Injection

Software Genesis Simple Love Type Plugin Vulnerable versions = 2.0 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2023-49772 Patch priority High CVSS severity High 10 Developer Claim ownership PSID fa51f08cd8a2 Credits Rafie Muhammad Patchstack Required...

CVSS 10 | AI score 6.8 | EPSS 0.00727
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2023/12/05 12:0 a.m. | 12 views

WordPress Soledad Theme <= 8.4.1 is vulnerable to Cross Site Scripting (XSS)

Software Soledad Type Theme Vulnerable versions = 8.4.1 Fixed in 8.4.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49827 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4415c6f5a085 Credits Rafie Muhammad Patchstack Required...

CVSS 7.1 | AI score 6.5 | EPSS 0.00393
Exploits 0 | References 1 | Affected Software 1