WordPress Upfrontwp Theme <= 1.1 is vulnerable to Cross Site Scripting (XSS)

Software Upfrontwp Type Theme Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-24009 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 4e64aada38f6 Credits Dave Jong Patchstack Required...

WordPress Pinpoint Booking System Plugin < 2.9.9.2.9 is vulnerable to SQL Injection

Software Pinpoint Booking System Type Plugin Vulnerable versions 2.9.9.2.9 Fixed in 2.9.9.2.9 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0220 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 7276b0492738 Credits István Márton Required privilege...

WordPress Twenty20 Image Before-After Plugin <= 1.7.2 is vulnerable to Cross Site Scripting (XSS)

Software Twenty20 Image Before-After Type Plugin Vulnerable versions = 1.7.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4580 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID d082c511a4c8 Credits István...

WordPress Parsi Date Plugin < 4.0.2 is vulnerable to Cross Site Scripting (XSS)

Software Parsi Date Type Plugin Vulnerable versions 4.0.2 Fixed in 4.0.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID d0d0311f443b Credits WPScan Required privilege Unauthenticat...

WordPress WP TripAdvisor Review Slider Plugin < 10.8 is vulnerable to SQL Injection

Software WP TripAdvisor Review Slider Type Plugin Vulnerable versions 10.8 Fixed in 10.8 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0261 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID dcd0212f495a Credits István Márton Required privilege...

WordPress Quick Event Manager Plugin <= 9.7.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Quick Event Manager Type Plugin Vulnerable versions = 9.7.4 Fixed in 9.7.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-23974 Patch priority Low CVSS severity Low 5.4 Developer Fullworks Plugins PSID 5e2ae440ff0d Credits yuyudhn...

WordPress WP Go Maps Plugin <= 9.0.15 is vulnerable to Directory Traversal

Software WP Go Maps Type Plugin Vulnerable versions = 9.0.15 Fixed in 9.0.16 OWASP Top 10 A3: Sensitive Data Exposure Classification Directory Traversal CVE CVE-2022-47595 Patch priority Low CVSS severity Low 4.9 Developer WP Go Maps PSID ce001c792740 Credits rezaduty Required privilege...

WordPress MainWP Broken Links Checker Extension Plugin <= 4.0 is vulnerable to Broken Access Control

Software MainWP Broken Links Checker Extension Type Plugin Vulnerable versions = 4.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23736 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 20475e0a5f4c Credits Dave...

WordPress MainWP Boilerplate Extension Plugin <= 4.1 is vulnerable to Broken Access Control

Software MainWP Boilerplate Extension Type Plugin Vulnerable versions = 4.1 Fixed in 4.1.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23745 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID bc472be7aa50 Credits Dave Jong...

WordPress MainWP Boilerplate Extension Plugin <= 4.1 is vulnerable to Broken Access Control

Software MainWP Boilerplate Extension Type Plugin Vulnerable versions = 4.1 Fixed in 4.1.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23744 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID dc04c8344b84 Credits Dave Jong...

WordPress MainWP UpdraftPlus Extension Plugin <= 4.0.6 is vulnerable to Broken Access Control

Software MainWP UpdraftPlus Extension Type Plugin Vulnerable versions = 4.0.6 Fixed in 4.0.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23640 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 075f06640c08 Credits Dave Jong...

WordPress MainWP Staging Extension Plugin <= 4.0.3 is vulnerable to Broken Access Control

Software MainWP Staging Extension Type Plugin Vulnerable versions = 4.0.3 Fixed in 4.0.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23639 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID bd391a4b93d5 Credits Dave Jong...

WordPress MainWP Buddy Extension Plugin <= 4.0.1 is vulnerable to Broken Access Control

Software MainWP Buddy Extension Type Plugin Vulnerable versions = 4.0.1 Fixed in 4.0.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23747 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 02ced2ec53b5 Credits Dave Jong...

WordPress MainWP Code Snippets Extension Plugin <= 4.0.2 is vulnerable to Broken Access Control

Software MainWP Code Snippets Extension Type Plugin Vulnerable versions = 4.0.2 Fixed in 4.0.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23655 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID e9535c2d9219 Credits Dave Jon...

WordPress MainWP Page Speed Extension Plugin <= 4.0.2 is vulnerable to Broken Access Control

Software MainWP Page Speed Extension Type Plugin Vulnerable versions = 4.0.2 Fixed in 4.0.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23644 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID c113f0a834c9 Credits Dave Jong...

WordPress MainWP iThemes Security Extension Plugin <= 4.1.1 is vulnerable to Broken Access Control

Software MainWP iThemes Security Extension Type Plugin Vulnerable versions = 4.1.1 Fixed in 4.1.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23643 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 4ac1fa6eea51 Credits Dave...

WordPress MainWP File Uploader Extension Plugin <= 4.1 is vulnerable to Arbitrary File Deletion

Software MainWP File Uploader Extension Type Plugin Vulnerable versions = 4.1 Fixed in 4.1.1 OWASP Top 10 A5: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2023-23653 Patch priority High CVSS severity High 7.7 Developer Claim ownership PSID 7641346095c5 Credits Dave Jong...

WordPress MainWP UpdraftPlus Extension Plugin <= 4.0.6 is vulnerable to Settings Change

Software MainWP UpdraftPlus Extension Type Plugin Vulnerable versions = 4.0.6 Fixed in 4.0.7 OWASP Top 10 A5: Broken Access Control Classification Settings Change CVE CVE-2023-23658 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID c87cd5d840bf Credits Dave Jong Patchstack...

WordPress MainWP Google Analytics Extension Plugin <= 4.0.4 is vulnerable to Settings Change

Software MainWP Google Analytics Extension Type Plugin Vulnerable versions = 4.0.4 Fixed in 4.0.5 OWASP Top 10 A5: Broken Access Control Classification Settings Change CVE CVE-2023-23652 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID cef3e9a579b0 Credits Dave Jong...

WordPress MainWP Maintenance Extension Plugin <= 4.1.1 is vulnerable to Settings Change

Software MainWP Maintenance Extension Type Plugin Vulnerable versions = 4.1.1 Fixed in 4.1.2 OWASP Top 10 A5: Broken Access Control Classification Settings Change CVE CVE-2023-23662 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 8194a64eddf2 Credits Dave Jong...