WordPress Atarim Plugin <= 3.9.3 is vulnerable to Cross Site Scripting (XSS)
Software: Atarim; Type: Plugin; Vulnerable versions: <= 3.9.3; Fixed in: 3.9.4; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2023-37393; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Atarim; PSID: bc406b115680; Credits: Robert DeVore; Required privilege: Unauthenticated...
WordPress Fusion Builder Plugin <= 3.11.1 is vulnerable to Cross Site Scripting (XSS)
Software: Fusion Builder; Type: Plugin; Vulnerable versions: <= 3.11.1; Fixed in: 3.11.2; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2023-39306; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: bdcd9585d35e; Credits: Rafie Muhammad Patchstack...
WordPress Avada Theme <= 7.11.1 is vulnerable to Arbitrary File Upload
Software: Avada; Type: Theme; Vulnerable versions: <= 7.11.1; Fixed in: 7.11.2; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2023-39307; Patch priority: High; CVSS severity: High 8.5; PSID: 332539b4f8ac; Credits: Rafie Muhammad Patchstack; Required privilege...
WordPress Avada Theme <= 7.11.1 is vulnerable to Server Side Request Forgery (SSRF)
Software: Avada; Type: Theme; Vulnerable versions: <= 7.11.1; Fixed in: 7.11.2; OWASP Top 10: A1: Broken Access Control; Classification: Server Side Request Forgery SSRF; CVE: CVE-2023-39313; Patch priority: Low; CVSS severity: Low 7.7; PSID: 8a9512654743; Credits: Rafie Muhammad Patchstack...
WordPress Avada Theme <= 7.11.1 is vulnerable to Arbitrary File Upload
Software: Avada; Type: Theme; Vulnerable versions: <= 7.11.1; Fixed in: 7.11.2; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2023-39312; Patch priority: High; CVSS severity: High 9.1; PSID: 1d3152e6549b; Credits: Rafie Muhammad Patchstack; Required privilege...
WordPress Profile Builder Plugin < 3.9.8 is vulnerable to Broken Access Control
Software: Profile Builder; Type: Plugin; Vulnerable versions: < 3.9.8; Fixed in: 3.9.8; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: N/A; Patch priority: Low; CVSS severity: Low 5.3; PSID: d26167c89534; Credits: WordFence; Required privilege: Unauthenticat...
WordPress Paid Memberships Pro Plugin <= 1.2.3 is vulnerable to Broken Access Control
Software: Paid Memberships Pro; Type: Plugin; Vulnerable versions: <= 1.2.3; Fixed in: 1.2.4; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-39990; Patch priority: Low; CVSS severity: Low 5.4; PSID: bcc25db021d7; Credits: Rafie Muhammad Patchstac...
WordPress Sign-up Sheets Plugin <= 2.2.8 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Sign-up Sheets; Type: Plugin; Vulnerable versions: <= 2.2.8; Fixed in: 2.2.9; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2023-39165; Patch priority: Low; CVSS severity: Low 5.4; Developer: Fetch Designs; PSID: 3cb2a78e83f5; Credits: Nguyen Xuan Chien...
WordPress WP Ultimate CSV Importer Plugin <= 7.9.8 is vulnerable to Privilege Escalation
Software: WP Ultimate CSV Importer; Type: Plugin; Vulnerable versions: <= 7.9.8; Fixed in: 7.9.9; OWASP Top 10: A1: Broken Access Control; Classification: Privilege Escalation; CVE: CVE-2023-4140; Patch priority: Medium; CVSS severity: Medium 6.6; PSID: 2cf9cad320b2; Credits: István Márton...
Exploit for Cross-site Scripting in Ninjaforms Ninja_Forms
CVE-2023-37979 Exploit
Multiple Flaws Found in Ninja Forms Plugin Leave 800,000 Sites Vulnerable
Multiple security vulnerabilities have been disclosed in the Ninja Forms plugin for WordPress that could be exploited by threat actors to escalate privileges and steal sensitive data. The flaws, tracked as CVE-2023-37979, CVE-2023-38386, and CVE-2023-38393, impact versions 3.6.25 and below,...
WordPress CartFlows Pro Plugin <= 1.11.12 is vulnerable to Cross Site Request Forgery (CSRF)
Software: CartFlows Pro; Type: Plugin; Vulnerable versions: <= 1.11.12; Fixed in: 1.11.13; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2023-36685; Patch priority: Low; CVSS severity: Low 4.3; PSID: 55367cef894b; Credits: Rafie Muhammad...
WordPress Discussion Board Plugin <= 2.4.8 is vulnerable to Content Injection
Software: Discussion Board; Type: Plugin; Vulnerable versions: <= 2.4.8; Fixed in: 2.4.9; OWASP Top 10: A5: Broken Access Control; Classification: Content Injection; CVE: CVE-2023-39161; Patch priority: Low; CVSS severity: Low 5.4; PSID: e808296acb35; Credits: Abdi Pranata; Required privilege...
WordPress WordPress Job Board and Recruitment Plugin – JobWP Plugin < 2.0 is vulnerable to Cross Site Scripting (XSS)
Software: WordPress Job Board and Recruitment Plugin – JobWP; Type: Plugin; Vulnerable versions: < 2.0; Fixed in: 2.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 780dd7fc5706; Credits: Raf...
WordPress AGP Font Awesome Collection Plugin <= 3.2.4 is vulnerable to Cross Site Scripting (XSS)
Software: AGP Font Awesome Collection; Type: Plugin; Vulnerable versions: <= 3.2.4; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-30481; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: ba2b59776bbc; Credits: Skalucy...
WordPress wp tell a friend popup form Plugin <= 7.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: wp tell a friend popup form; Type: Plugin; Vulnerable versions: <= 7.1; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2023-25463; Patch priority: Low; CVSS severity: Low 5.4; PSID: 0d96ae4f5c91; Credits: yuyudhn...
WordPress Convert Pro Plugin <= 1.7.5 is vulnerable to Broken Access Control
Software: Convert Pro; Type: Plugin; Vulnerable versions: <= 1.7.5; Fixed in: 1.7.6; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-36684; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: a39b0cc59883; Credits: Rafie Muhammad Patchstack...
WordPress Subscribe to Category Plugin <= 2.7.4 is vulnerable to SQL Injection
Software: Subscribe to Category; Type: Plugin; Vulnerable versions: <= 2.7.4; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-32590; Patch priority: High; CVSS severity: High 9.3; PSID: 2968f51bb060; Credits: Mika; Required privilege: Unauthenticated...
WordPress Multicollab – Google Doc-Style Editorial Commenting for WordPress Plugin <= 3.1 is vulnerable to Cross Site Scripting (XSS)
Software: Multicollab – Google Doc-Style Editorial Commenting for WordPress; Type: Plugin; Vulnerable versions: <= 3.1; Fixed in: 3.2; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2023-33999; Patch priority: High; CVSS severity: High 7.1; PSID: 946cd7dfe9f...
WordPress Stop User Enumeration Plugin <= 1.3.33 is vulnerable to Cross Site Scripting (XSS)
Software: Stop User Enumeration; Type: Plugin; Vulnerable versions: <= 1.3.33; Fixed in: 1.4.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2023-33999; Patch priority: High; CVSS severity: High 7.1; Developer: Fullworks Plugins; PSID: 22f6daf0abff; Credits: Rafie Muhammad Patchstack...