WordPress Pre-Orders for WooCommerce Plugin <= 1.2.13 is vulnerable to Cross Site Scripting (XSS)

Software Pre-Orders for WooCommerce Type Plugin Vulnerable versions = 1.2.13 Fixed in 1.2.14 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-46783 Patch priority Medium CVSS severity Medium 6.5 Developer Bright Plugins PSID 2af48c0b751e Credits Khalid Yusuf Require...

WordPress Custom My Account for Woocommerce Plugin <= 2.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Custom My Account for Woocommerce Type Plugin Vulnerable versions = 2.1 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-46634 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 57a74cf6a7e6 Credits qilin...

WordPress YITH WooCommerce Product Add-Ons Plugin <= 4.2.0 is vulnerable to Broken Access Control

Software YITH WooCommerce Product Add-Ons Type Plugin Vulnerable versions = 4.2.0 Fixed in 4.2.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-46635 Patch priority Medium CVSS severity Medium 5.3 Developer YITH PSID e6f126f82710 Credits Elliot Required...

WordPress WP EXtra Plugin <= 6.2 is vulnerable to Remote Code Execution (RCE)

Software WP EXtra Type Plugin Vulnerable versions = 6.2 Fixed in 6.3 OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2023-46623 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 4dd4ccde8243 Credits TP Cyber Security Required privilege Subscribe...

WordPress Smart Online Order for Clover Plugin <= 1.5.4 is vulnerable to Cross Site Scripting (XSS)

Software Smart Online Order for Clover Type Plugin Vulnerable versions = 1.5.4 Fixed in 1.5.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-46312 Patch priority High CVSS severity High 7.1 Developer Zaytech PSID 99ef88d7e47d Credits thiennv Require...

WordPress Duplicate Theme Plugin <= 0.1.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software Duplicate Theme Type Plugin Vulnerable versions = 0.1.6 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-46204 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 984be09156c0 Credits Elliot Required...

WordPress Archivist – Custom Archive Templates Plugin <= 1.7.7 is vulnerable to Cross Site Scripting (XSS)

Software Archivist – Custom Archive Templates Type Plugin Vulnerable versions = 1.7.7 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-46194 Patch priority Medium CVSS severity Medium 5.8 Developer Claim ownership PSID 9eaf34517c88 Credit...

WordPress Templately Plugin < 2.2.6 is vulnerable to Broken Access Control

Software Templately Type Plugin Vulnerable versions 2.2.6 Fixed in 2.2.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-5454 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID d43e1c889b21 Credits Krzysztof Zając CERT PL Require...

WordPress Spider Facebook Plugin <= 1.0.15 is vulnerable to Cross Site Scripting (XSS)

Software Spider Facebook Type Plugin Vulnerable versions = 1.0.15 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-46090 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 44993b9d3d08 Credits LEE SE HYOUNG...

WordPress Ajax Archive Calendar Plugin <= 2.6.7 is vulnerable to Cross Site Scripting (XSS)

Software Ajax Archive Calendar Type Plugin Vulnerable versions = 2.6.7 Fixed in 2.6.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-46069 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 2c6a1e009987 Credits Ngô Thiên An ancorn from...

WordPress Broken Link Checker | Finder Plugin <= 2.4.2 is vulnerable to Broken Access Control

Software Broken Link Checker | Finder Type Plugin Vulnerable versions = 2.4.2 Fixed in 2.5.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-46082 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID cfffdd260ad0 Credits Abdi Prana...

WordPress Icons Font Loader Plugin <= 1.1.2 is vulnerable to SQL Injection

Software Icons Font Loader Type Plugin Vulnerable versions = 1.1.2 Fixed in 1.1.2.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-46084 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 98ab41839260 Credits minhtuanact Required privilege Subscriber...

WordPress Gutenberg Plugin <= 16.8.0 is vulnerable to Cross Site Scripting (XSS)

Software Gutenberg Type Plugin Vulnerable versions = 16.8.0 Fixed in 16.8.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-38000 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID fc1d5fbe52a2 Credits Rafie Muhammad Patchstack Required...

WordPress Ultimate Taxonomy Manager Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Ultimate Taxonomy Manager Type Plugin Vulnerable versions = 2.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-45836 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 646016b8aa59 Credits thiennv...

WordPress Post Gallery Plugin <= 2.3.12 is vulnerable to Cross Site Request Forgery (CSRF)

Software Post Gallery Type Plugin Vulnerable versions = 2.3.12 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-45752 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e7bbac19db20 Credits Mika Required privilege...

WordPress ApplyOnline – Application Form Builder and Manager Plugin <= 2.5.5 is vulnerable to Cross Site Scripting (XSS)

Software ApplyOnline – Application Form Builder and Manager Type Plugin Vulnerable versions = 2.5.5 Fixed in 2.5.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-45756 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID...

WordPress Simple Tweet Plugin <= 1.4.0.2 is vulnerable to Cross Site Scripting (XSS)

Software Simple Tweet Type Plugin Vulnerable versions = 1.4.0.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-45767 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 3b30792fe2d1 Credits Rio Darmawan Required...

WordPress Nexter Extension Plugin <= 2.0.3 is vulnerable to Remote Code Execution (RCE)

Software Nexter Extension Type Plugin Vulnerable versions = 2.0.3 Fixed in 2.0.4 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-45751 Patch priority Medium CVSS severity Medium 9.1 Developer POSIMYTH Innovations PSID 69a3443fb3d9 Credits Rafie Muhammad Patchstack...

WordPress WP Lightbox 2 Plugin <= 3.0.6.5 is vulnerable to Cross Site Scripting (XSS)

Software WP Lightbox 2 Type Plugin Vulnerable versions = 3.0.6.5 Fixed in 3.0.6.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-45747 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID ca09e79d583e Credits Rio Darmawan Required...

WordPress Sort SearchResult By Title Plugin <= 10.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Sort SearchResult By Title Type Plugin Vulnerable versions = 10.0 Fixed in 11.0 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-45639 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3afb47c8e79f Credits Skalucy...