WordPress Woo Custom Emails Plugin <= 2.2 is vulnerable to Broken Access Control

Software Woo Custom Emails Type Plugin Vulnerable versions = 2.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-32507 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID d401968a61b0 Credits minhtuanact Required privileg...

WordPress Flatsome Theme <= 3.16.8 is vulnerable to Cross Site Scripting (XSS)

Software Flatsome Type Theme Vulnerable versions = 3.16.8 Fixed in 3.17.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-28994 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c500cd25ae6b Credits Rafie Muhammad Patchsta...

WordPress Zero Spam Plugin <= 5.4.4 is vulnerable to SQL Injection

Software Zero Spam Type Plugin Vulnerable versions = 5.4.4 Fixed in 5.4.5 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-32121 Patch priority Low CVSS severity Low 7.6 Developer Highfivery PSID e207350207ef Credits OZ1NG TOOR, LISA Required privilege Administrator Published ...

WordPress SALERT Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS)

Software SALERT Type Plugin Vulnerable versions = 1.2.1 Fixed in 1.2.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32118 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c132ae91ace9 Credits Jonas Höbenreich Required...

WordPress CM On Demand Search And Replace Plugin <= 1.3.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software CM On Demand Search And Replace Type Plugin Vulnerable versions = 1.3.0 Fixed in 1.3.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-28749 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 611848008c27 Credits Abd...

WordPress Ultimate Addons for Contact Form 7 Plugin <= 3.1.23 is vulnerable to SQL Injection

Software Ultimate Addons for Contact Form 7 Type Plugin Vulnerable versions = 3.1.23 Fixed in 3.1.24 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2022-47586 Patch priority High CVSS severity High 8.2 Developer Themefic PSID 7a22cfa758d5 Credits minhtuanact Required privilege...

WordPress TheGem (Elementor) Theme < 5.8.1.1 is vulnerable to Cross Site Scripting (XSS)

Software TheGem Elementor Type Theme Vulnerable versions 5.8.1.1 Fixed in 5.8.1.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32237 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 54db6f410b09 Credits Dave Jong Patchstack...

WordPress TheGem (Elementor) Theme < 5.8.1.1 is vulnerable to Broken Access Control

Software TheGem Elementor Type Theme Vulnerable versions 5.8.1.1 Fixed in 5.8.1.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-32238 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 0aabfb27ad22 Credits Dave Jong Patchstack Requir...

WordPress Community by PeepSo Plugin <= 6.0.9.0 is vulnerable to Sensitive Data Exposure

Software Community by PeepSo Type Plugin Vulnerable versions = 6.0.9.0 Fixed in 6.1.0.0 OWASP Top 10 A5: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2023-27630 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 51cd63709c31 Credits Dave Jong Patchstac...

WordPress Editorialmag Theme <= 1.2.2 is vulnerable to Broken Authentication

Software Editorialmag Type Theme Vulnerable versions = 1.2.2 Fixed in N/A OWASP Top 10 A2: Broken Authentication Classification Broken Authentication CVE CVE-2023-32129 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 00a9bb50291c Credits Dave Jong Patchstack Required...

WordPress Cryptocurrency Donation Box – Bitcoin & Crypto Donations Plugin <= 2.2.7 is vulnerable to SQL Injection

Software Cryptocurrency Donation Box – Bitcoin & Crypto Donations Type Plugin Vulnerable versions = 2.2.7 Fixed in 2.2.8 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-32128 Patch priority Low CVSS severity Low 5.5 Developer Claim ownership PSID 2fba65309901 Credits Mika...

WordPress CM Pop-Up banners Plugin <= 1.5.10 is vulnerable to SQL Injection

Software CM Pop-Up banners Type Plugin Vulnerable versions = 1.5.10 Fixed in 1.6.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-30750 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID a1957d5dbbe6 Credits Dave Jong Patchstack Required privilege...

WordPress JupiterX Theme <= 3.0.0 is vulnerable to Local File Inclusion

Software JupiterX Type Theme Vulnerable versions = 3.0.0 Fixed in 3.1.0 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2023-32110 Patch priority High CVSS severity High 7.6 Developer Claim ownership PSID 5d8f9e2208af Credits Rafie Muhammad Patchstack Required privilege...

WordPress WP Docs Plugin <= 1.9.9 is vulnerable to Cross Site Scripting (XSS)

Software WP Docs Type Plugin Vulnerable versions = 1.9.9 Fixed in 2.0.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32106 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6c7b1d23694a Credits Le Ngoc Anh Required...

WordPress tagDiv Composer Plugin < 4.0 is vulnerable to Cross Site Scripting (XSS)

Software tagDiv Composer Type Plugin Vulnerable versions 4.0 Fixed in 4.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1596 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 172e94e0ab28 Credits Truoc Phan Required privileg...

WordPress Thumbs Rating Plugin <= 5.0.0 is vulnerable to Race Condition

Software Thumbs Rating Type Plugin Vulnerable versions = 5.0.0 Fixed in N/A OWASP Top 10 A6: Security Misconfiguration Classification Race Condition CVE CVE-2022-45809 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID e09b57cb00e4 Credits thiennv Required privilege...

WordPress AJAX Thumbnail Rebuild Plugin <= 1.13 is vulnerable to Broken Access Control

Software AJAX Thumbnail Rebuild Type Plugin Vulnerable versions = 1.13 Fixed in 1.14 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-47604 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID b90f03667897 Credits Justiice Required...

WordPress Photo Gallery Slideshow & Masonry Tiled Gallery Plugin <= 1.0.13 is vulnerable to Cross Site Scripting (XSS)

Software Photo Gallery Slideshow & Masonry Tiled Gallery Type Plugin Vulnerable versions = 1.0.13 Fixed in 1.0.14 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2402 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID...

WordPress Ultimate Carousel For WPBakery Page Builder Plugin <= 2.6 is vulnerable to Cross Site Scripting (XSS)

Software Ultimate Carousel For WPBakery Page Builder Type Plugin Vulnerable versions = 2.6 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0267 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 8fe712db2127...

WordPress Wp D3 Plugin <= 2.4.1 is vulnerable to Cross Site Scripting (XSS)

Software Wp D3 Type Plugin Vulnerable versions = 2.4.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0536 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 29e185ae78e3 Credits István Márton Required privile...