3802 matches found
WordPress BetterDocs Plugin <= 2.5.2 is vulnerable to Broken Access Control
Software: BetterDocs; Type: Plugin; Vulnerable versions: <= 2.5.2; Fixed in: 2.5.3; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-47762; Patch priority: Medium; CVSS severity: Medium 4.3; PSID: a29f1668c541; Credits: Abdi Pranata; Required...
WordPress Mini Cart Drawer For WooCommerce Plugin <= 4.0.0 is vulnerable to Broken Access Control
Software: Mini Cart Drawer For WooCommerce; Type: Plugin; Vulnerable versions: <= 4.0.0; Fixed in: 4.0.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-47694; Patch priority: Low; CVSS severity: Low 5.4; PSID: d5e11a29b0ee; Credits: Abdi Pranata...
WordPress Preloader Matrix Plugin <= 2.0.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Preloader Matrix; Type: Plugin; Vulnerable versions: <= 2.0.1; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-47685; Patch priority: Low; CVSS severity: Low 5.4; PSID: 500447b9268e; Credits: Skalucy; Required...
WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) Plugin <= 7.6.6 is vulnerable to Privilege Escalation
Software: WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn); Type: Plugin; Vulnerable versions: <= 7.6.6; Fixed in: 7.6.7; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2023-47683; Patch priority: High; CVSS severity: High 8...
WordPress Essential Grid Plugin <= 3.1.0 is vulnerable to Cross Site Scripting (XSS)
Software: Essential Grid; Type: Plugin; Vulnerable versions: <= 3.1.0; Fixed in: 3.1.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-47684; Patch priority: High; CVSS severity: High 7.1; PSID: 0ab6025608bb; Credits: Rafie Muhammad Patchstack; Required...
WordPress WP User Frontend Plugin <= 3.6.5 is vulnerable to Privilege Escalation
Software: WP User Frontend; Type: Plugin; Vulnerable versions: <= 3.6.5; Fixed in: 3.6.6; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2023-47682; Patch priority: High; CVSS severity: High 7.2; PSID: 55cf1b7c7f7f; Credits: Rafie...
WordPress Qi Addons For Elementor Plugin <= 1.6.4 is vulnerable to Cross Site Scripting (XSS)
Software: Qi Addons For Elementor; Type: Plugin; Vulnerable versions: <= 1.6.4; Fixed in: 1.6.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-47680; Patch priority: Low; CVSS severity: Low 6.5; Developer: Qode Interactive; PSID: dee29da77c21; Credits: Rafie Muhammad...
WordPress Q2W3 Post Order Plugin <= 1.2.8 is vulnerable to Cross Site Scripting (XSS)
Software: Q2W3 Post Order; Type: Plugin; Vulnerable versions: <= 1.2.8; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-47521; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: cb5de227d10d; Credits: Le Ngoc Anh; Require...
WordPress Master Slider Pro Plugin <= 3.6.5 is vulnerable to Cross Site Scripting (XSS)
Software: Master Slider Pro; Type: Plugin; Vulnerable versions: <= 3.6.5; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-47508; Patch priority: High; CVSS severity: High 7.1; PSID: 7401df79a69d; Credits: Rafie Muhammad Patchstack; Required...
WordPress Garden Gnome Package Plugin <= 2.2.8 is vulnerable to Cross Site Scripting (XSS)
Software: Garden Gnome Package; Type: Plugin; Vulnerable versions: <= 2.2.8; Fixed in: 2.2.9; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-5664; Patch priority: Low; CVSS severity: Low 6.5; PSID: 790dcd0a5adc; Credits: Lana Codes; Required...
WordPress UpdraftPlus Plugin <= 1.23.10 is vulnerable to Cross Site Request Forgery (CSRF)
Software: UpdraftPlus; Type: Plugin; Vulnerable versions: <= 1.23.10; Fixed in: 1.23.11; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-5982; Patch priority: Low; CVSS severity: Low 4.3; PSID: ef8f3eafdf9f; Credits: Nicolas Decayeux...
WordPress BadgeOS Plugin <= 3.7.1.6 is vulnerable to Broken Access Control
Software: BadgeOS; Type: Plugin; Vulnerable versions: <= 3.7.1.6; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-47647; Patch priority: Low; CVSS severity: Low 4.3; PSID: 662abc807ad6; Credits: Elliot; Required privilege: Subscriber...
WordPress Master Slider Pro Plugin <= 3.6.5 is vulnerable to SQL Injection
Software: Master Slider Pro; Type: Plugin; Vulnerable versions: <= 3.6.5; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2023-47506; Patch priority: High; CVSS severity: High 7.6; PSID: c8ae4f7ba318; Credits: Rafie Muhammad Patchstack; Required privilege...
WordPress Kadence WooCommerce Email Designer Plugin <= 1.5.11 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Kadence WooCommerce Email Designer; Type: Plugin; Vulnerable versions: <= 1.5.11; Fixed in: 1.5.12; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-47186; Patch priority: Low; CVSS severity: Low 4.3; PSID: d7f0bae8b697; Credit...
WordPress Email Templates Plugin <= 1.4.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Email Templates; Type: Plugin; Vulnerable versions: <= 1.4.2; Fixed in: 1.4.3; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-47181; Patch priority: Low; CVSS severity: Low 4.3; PSID: 7902f9015dbc; Credits: Cat; Required...
WordPress ShortCodes UI Plugin <= 1.9.8 is vulnerable to Cross Site Scripting (XSS)
Software: ShortCodes UI; Type: Plugin; Vulnerable versions: <= 1.9.8; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-47231; Patch priority: Low; CVSS severity: Low 6.5; PSID: 1d2b471bd5be; Credits: Abdi Pranata; Required...
WordPress Message ticker Plugin <= 9.2 is vulnerable to SQL Injection
Software: Message ticker; Type: Plugin; Vulnerable versions: <= 9.2; Fixed in: 9.3; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-5433; Patch priority: Low; CVSS severity: Low 8.5; PSID: 7c80f52b28f8; Credits: István Márton; Required privilege: Contributor; Published ...
WordPress Left right image slideshow gallery Plugin <= 12.0 is vulnerable to SQL Injection
Software: Left right image slideshow gallery; Type: Plugin; Vulnerable versions: <= 12.0; Fixed in: 12.1; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-5431; Patch priority: Low; CVSS severity: Low 8.5; PSID: a8ec43c6fd5b; Credits: István Márton; Required privilege...
WordPress WP fade in text news Plugin <= 12.0 is vulnerable to SQL Injection
Software: WP fade in text news; Type: Plugin; Vulnerable versions: <= 12.0; Fixed in: 12.1; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-5437; Patch priority: Low; CVSS severity: Low 8.5; PSID: fa9eab877745; Credits: István Márton; Required privilege: Contributor...
WordPress Superb slideshow gallery Plugin <= 13.1 is vulnerable to SQL Injection
Software: Superb slideshow gallery; Type: Plugin; Vulnerable versions: <= 13.1; Fixed in: 13.2; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-5434; Patch priority: Low; CVSS severity: Low 8.5; PSID: 2f0f3b992f7b; Credits: István Márton; Required privilege: Contributo...