WordPress WP iCal Availability Plugin <= 1.0.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP iCal Availability Type Plugin Vulnerable versions = 1.0.3 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-41853 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ada00f9a3353 Credits Mika Required...

WordPress WP Accessibility Helper (WAH) Plugin <= 0.6.2.4 is vulnerable to Broken Access Control

Software WP Accessibility Helper WAH Type Plugin Vulnerable versions = 0.6.2.4 Fixed in 0.6.2.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-41869 Patch priority Low CVSS severity Low 4.3 Developer Alexander Volkov PSID e746c281667d Credits thiennv...

WordPress Premium Starter Templates Plugin <= 3.2.4 is vulnerable to Server Side Request Forgery (SSRF)

Software Premium Starter Templates Type Plugin Vulnerable versions = 3.2.4 Fixed in 3.2.5 OWASP Top 10 A5: Broken Access Control Classification Server Side Request Forgery SSRF CVE CVE-2023-41804 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 95875b60baf4 Credits Rafie...

WordPress RSVPMarker Plugin <= 10.6.6 is vulnerable to Remote Code Execution (RCE)

Software RSVPMarker Type Plugin Vulnerable versions = 10.6.6 Fixed in 10.6.7 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-25054 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 8f0ff34720aa Credits Ravi Dharmawan Required privilege...

WordPress Starter Templates Plugin <= 3.2.4 is vulnerable to Server Side Request Forgery (SSRF)

Software Starter Templates Type Plugin Vulnerable versions = 3.2.4 Fixed in 3.2.5 OWASP Top 10 A5: Broken Access Control Classification Server Side Request Forgery SSRF CVE CVE-2023-41804 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 9a3308ad9975 Credits Rafie Muhammad...

WordPress Use Memcached Plugin <= 1.0.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software Use Memcached Type Plugin Vulnerable versions = 1.0.5 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-41670 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 79bb635c7a5f Credits Nguyen Xuan Chien...

WordPress WP-dTree Plugin <= 4.4.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP-dTree Type Plugin Vulnerable versions = 4.4.5 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-41667 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID df2c2472ecf8 Credits LEE SE HYOUNG hackintoanetwo...

WordPress WP Migration Plugin DB & Files – WP Synchro Plugin <= 1.9.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP Migration Plugin DB & Files – WP Synchro Type Plugin Vulnerable versions = 1.9.1 Fixed in 1.10.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-41660 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0d4cb791a23...

WordPress authLdap Plugin <= 2.6.0 is vulnerable to Cross Site Scripting (XSS)

Software authLdap Type Plugin Vulnerable versions = 2.6.0 Fixed in 2.6.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-41655 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 1c9c6ce8a2a5 Credits Rio Darmawan Required privileg...

WordPress All-in-One WP Migration Dropbox Extension Plugin <= 3.75 is vulnerable to Broken Access Control

Software All-in-One WP Migration Dropbox Extension Type Plugin Vulnerable versions = 3.75 Fixed in 3.76 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-40004 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID 517b1424056f Credits Raf...

WordPress All-in-One WP Migration OneDrive Extension Plugin <= 1.66 is vulnerable to Broken Access Control

Software All-in-One WP Migration OneDrive Extension Type Plugin Vulnerable versions = 1.66 Fixed in 1.67 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-40004 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID 11686f7de85d Credits...

WordPress Happy Elementor Addons Pro Plugin <= 2.8.0 is vulnerable to Cross Site Scripting (XSS)

Software Happy Elementor Addons Pro Type Plugin Vulnerable versions = 2.8.0 Fixed in 2.8.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-41236 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1e3539666fdb Credits Rafie...

WordPress Folders Plugin <= 2.9.2 is vulnerable to Arbitrary File Upload

Software Folders Type Plugin Vulnerable versions = 2.9.2 Fixed in 2.9.3 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2023-40204 Patch priority Medium CVSS severity Medium 9.1 Developer Claim ownership PSID c5881308f6ec Credits Rafie Muhammad Patchstack Required privileg...

WordPress Elements kit Elementor addons Plugin <= 2.9.0 is vulnerable to Broken Access Control

Software Elements kit Elementor addons Type Plugin Vulnerable versions = 2.9.0 Fixed in 2.9.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-39993 Patch priority Low CVSS severity Low 4.3 Developer Wpmet PSID 73124e646248 Credits Rafie Muhammad Patchstack...

WordPress JupiterX Core Plugin <= 3.3.8 is vulnerable to Privilege Escalation

Software JupiterX Core Type Plugin Vulnerable versions = 3.3.8 Fixed in 3.4.3 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-38389 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID bb67776164d1 Credits Rafie...

WordPress DX-auto-save-images Plugin <= 1.4.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software DX-auto-save-images Type Plugin Vulnerable versions = 1.4.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-40671 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID dbea39d50672 Credits Skalucy Required...

WordPress Meta slider and carousel with lightbox Plugin <= 1.8.2 is vulnerable to Broken Access Control

Software Meta slider and carousel with lightbox Type Plugin Vulnerable versions = 1.8.2 Fixed in 1.8.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-40200 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 708ddfc78d3b Credits Abdi...

WordPress JupiterX Core Plugin 3.0.0-3.3.0 is vulnerable to Broken Access Control

Software JupiterX Core Type Plugin Vulnerable versions 3.0.0-3.3.0 Fixed in 3.3.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-38385 Patch priority Low CVSS severity Low 8.3 Developer Claim ownership PSID 202b642bd6d8 Credits Rafie Muhammad Patchstack...

WordPress Post Timeline Plugin <= 2.2.5 is vulnerable to Cross Site Scripting (XSS)

Software Post Timeline Type Plugin Vulnerable versions = 2.2.5 Fixed in 2.2.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4284 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 86a5f3c466ca Credits tnt24 Required...

WordPress Easy!Appointments Plugin <= 1.3.3 is vulnerable to Arbitrary File Deletion

Software Easy!Appointments Type Plugin Vulnerable versions = 1.3.3 Fixed in 1.4.0 OWASP Top 10 A5: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2023-32295 Patch priority High CVSS severity High 6.3 Developer Claim ownership PSID 8a50196a1675 Credits Jonas Höbenreich Requir...