WordPress Quttera Web Malware Scanner Plugin <= 3.4.1.48 is vulnerable to Sensitive Data Exposure

Software Quttera Web Malware Scanner Type Plugin Vulnerable versions = 3.4.1.48 Fixed in 3.4.2.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-6065 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 6c25e4bb0dc6 Credits Dmitrii...

WordPress Perfmatters Plugin <= 2.1.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software Perfmatters Type Plugin Vulnerable versions = 2.1.6 Fixed in 2.1.7 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-47875 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 02a9c657f03b Credits Dave Jong Patchstack...

WordPress Perfmatters Plugin < 2.2.0 is vulnerable to Cross Site Scripting (XSS)

Software Perfmatters Type Plugin Vulnerable versions 2.2.0 Fixed in 2.2.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-47877 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 95a1cb6cdea5 Credits Dave Jong Patchstack Required privileg...

WordPress Parallax Image Plugin <= 1.7.1 is vulnerable to Cross Site Scripting (XSS)

Software Parallax Image Type Plugin Vulnerable versions = 1.7.1 Fixed in 1.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-47854 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 03c7e3341e44 Credits resecured.io Required privilege Contribut...

WordPress BlossomThemes Email Newsletter Plugin <= 2.2.4 is vulnerable to Broken Access Control

Software BlossomThemes Email Newsletter Type Plugin Vulnerable versions = 2.2.4 Fixed in 2.2.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-47849 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 051053384c38 Credits Abdi...

WordPress Audio Merchant Plugin <= 5.0.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Audio Merchant Type Plugin Vulnerable versions = 5.0.4 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-6196 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 8d1ec07de68f Credits Ala Arfaoui Required...

WordPress Grab & Save Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)

Software Grab & Save Type Plugin Vulnerable versions = 1.0.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-47844 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 52717b94fa86 Credits Dimas Maulana Required privilege...

WordPress WP Githuber MD Plugin <= 1.16.2 is vulnerable to Arbitrary File Upload

Software WP Githuber MD Type Plugin Vulnerable versions = 1.16.2 Fixed in 1.16.3 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2023-47846 Patch priority Medium CVSS severity Medium 9.1 Developer Claim ownership PSID b732ced6291a Credits Rafie Muhammad Patchstack Required...

WordPress Perfmatters Plugin <= 2.1.6 is vulnerable to Broken Access Control

Software Perfmatters Type Plugin Vulnerable versions = 2.1.6 Fixed in 2.1.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-47874 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID b2fde2f095d3 Credits Dave Jong Patchstack Requir...

WordPress wpMandrill Plugin <= 1.33 is vulnerable to Broken Access Control

Software wpMandrill Type Plugin Vulnerable versions = 1.33 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-47828 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ca3867a3ec02 Credits Abdi Pranata Required privilege...

WordPress Charitable Plugin <= 1.7.0.13 is vulnerable to Cross Site Scripting (XSS)

Software Charitable Type Plugin Vulnerable versions = 1.7.0.13 Fixed in 1.7.0.14 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-47816 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 00dfa7559152 Credits Ngô Thiên An ancorn from VNPT-VCI...

WordPress Jetpack Plugin <= 12.8-a.1 is vulnerable to Cross Site Scripting (XSS)

Software Jetpack Type Plugin Vulnerable versions = 12.8-a.1 Fixed in 12.8-a.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-45050 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8bdf519cb2b8 Credits Rafie Muhammad Patchstack Required...

WordPress Phlox Shop Plugin <= 2.0.0 is vulnerable to Local File Inclusion

Software Phlox Shop Type Plugin Vulnerable versions = 2.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2023-39163 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID 2e21185d83c1 Credits Rafie Muhammad Patchstack Required privilege...

WordPress Jetpack Plugin < 12.7 is vulnerable to Clickjacking

Software Jetpack Type Plugin Vulnerable versions 12.7 Fixed in 12.7 OWASP Top 10 A3: Injection Classification Clickjacking CVE CVE-2023-47774 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 18fefcc21cac Credits Rafie Muhammad Patchstack Required privilege Contributor...

WordPress Shortcodes and extra features for Phlox theme Plugin <= 2.14.0 is vulnerable to Local File Inclusion

Software Shortcodes and extra features for Phlox theme Type Plugin Vulnerable versions = 2.14.0 Fixed in 2.15.0 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2023-37888 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID 2ea7a20d00de Credits Rafie...

WordPress Elementor Addon Elements Plugin <= 1.12.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software Elementor Addon Elements Type Plugin Vulnerable versions = 1.12.7 Fixed in 1.12.8 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-4690 Patch priority Low CVSS severity Low 4.3 Developer WPVibes PSID 4fc8bb67050e Credits WordFence Require...

WordPress Namaste! LMS Plugin <= 2.6.1.1 is vulnerable to Cross Site Scripting (XSS)

Software Namaste! LMS Type Plugin Vulnerable versions = 2.6.1.1 Fixed in 2.6.1.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4602 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 31640ca97ff3 Credits Vincenzo Turturro...

WordPress Pz-LinkCard Plugin <= 2.5.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Pz-LinkCard Type Plugin Vulnerable versions = 2.5.2 Fixed in 2.5.3 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-47790 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1f315cc56e29 Credits Le Ngoc Anh...

WordPress Thrive Theme Builder Theme < 3.24.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Thrive Theme Builder Type Theme Vulnerable versions 3.24.2 Fixed in 3.24.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-47781 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID adbf55b004a2 Credits Rafie Muhammad...

WordPress Slider Revolution Plugin <= 6.6.15 is vulnerable to Arbitrary File Upload

Software Slider Revolution Type Plugin Vulnerable versions = 6.6.15 Fixed in 6.6.16 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2023-47784 Patch priority Low CVSS severity Low 8.4 Developer ThemePunch PSID 92c233355a76 Credits Rafie Muhammad Patchstack Required privile...