WordPress MainWP Post Dripper Extension Plugin <= 4.0.4 is vulnerable to Arbitrary Content Deletion

Software MainWP Post Dripper Extension Type Plugin Vulnerable versions = 4.0.4 Fixed in 4.0.5 OWASP Top 10 A5: Broken Access Control Classification Arbitrary Content Deletion CVE CVE-2023-23661 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID a90f0687ae2a Credits Dave Jon...

WordPress MainWP Code Snippets Extension Plugin <= 4.0.2 is vulnerable to Cross Site Scripting (XSS)

Software MainWP Code Snippets Extension Type Plugin Vulnerable versions = 4.0.2 Fixed in 4.0.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23650 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 27d865081452 Credits Dave...

WordPress MainWP File Uploader Extension Plugin <= 4.1 is vulnerable to Arbitrary File Upload

Software MainWP File Uploader Extension Type Plugin Vulnerable versions = 4.1 Fixed in 4.1.1 OWASP Top 10 A6: Security Misconfiguration Classification Arbitrary File Upload CVE CVE-2023-23656 Patch priority High CVSS severity High 10 Developer Claim ownership PSID f49d8364bda5 Credits Dave Jong...

WordPress MainWP BlogVault Backup Extension Plugin <= 1.3 is vulnerable to Broken Access Control

Software MainWP BlogVault Backup Extension Type Plugin Vulnerable versions = 1.3 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23741 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID a23fba51ad99 Credits Dave Jong...

WordPress MainWP WordPress SEO Extension Plugin <= 4.0.1 is vulnerable to Broken Access Control

Software MainWP WordPress SEO Extension Type Plugin Vulnerable versions = 4.0.1 Fixed in 4.0.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23746 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID eb8b01abda06 Credits Dave Jon...

WordPress MainWP Broken Links Checker Extension Plugin <= 4.0 is vulnerable to SQL Injection

Software MainWP Broken Links Checker Extension Type Plugin Vulnerable versions = 4.0 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-23737 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 1b463b65a14d Credits Dave Jong Patchstack Required...

WordPress MainWP Rocket Extension Plugin <= 4.0.3 is vulnerable to Settings Change

Software MainWP Rocket Extension Type Plugin Vulnerable versions = 4.0.3 Fixed in 4.0.4 OWASP Top 10 A5: Broken Access Control Classification Settings Change CVE CVE-2023-23665 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 5dab77b10cf4 Credits Dave Jong Patchstack...

WordPress MainWP Favorites Extension Plugin <= 4.0.10 is vulnerable to Broken Access Control

Software MainWP Favorites Extension Type Plugin Vulnerable versions = 4.0.10 Fixed in 4.0.11 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23739 Patch priority High CVSS severity High 7.7 Developer Claim ownership PSID 74613185c5a7 Credits Dave Jong...

WordPress MainWP Code Snippets Extension Plugin <= 4.0.2 is vulnerable to Arbitrary Code Execution

Software MainWP Code Snippets Extension Type Plugin Vulnerable versions = 4.0.2 Fixed in 4.0.3 OWASP Top 10 A1: Injection Classification Arbitrary Code Execution CVE CVE-2023-23645 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID bd9b1b1be741 Credits Dave Jong Patchstack...

WordPress MainWP Maintenance Extension Plugin <= 4.1.1 is vulnerable to SQL Injection

Software MainWP Maintenance Extension Type Plugin Vulnerable versions = 4.1.1 Fixed in 4.1.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-23660 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 9ddad2ceeae4 Credits Dave Jong Patchstack Required...

WordPress MagicForm Plugin <= 0.1 is vulnerable to Cross Site Scripting (XSS)

Software MagicForm Type Plugin Vulnerable versions = 0.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-47592 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 3819918430b2 Credits minhtuanact Required...

WordPress Advanced Custom Fields: Image Crop Add-on Plugin <= 1.4.12 is vulnerable to Broken Access Control

Software Advanced Custom Fields: Image Crop Add-on Type Plugin Vulnerable versions = 1.4.12 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-22676 Patch priority Low CVSS severity Low 3.1 Developer Claim ownership PSID ae467650d1f0 Credits Istv...

WordPress Vimeo Video Autoplay Automute Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software Vimeo Video Autoplay Automute Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0153 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 6b9ac437c259 Credits István...

WordPress Youtube Channel Gallery Plugin <= 2.4 is vulnerable to Cross Site Scripting (XSS)

Software Youtube Channel Gallery Type Plugin Vulnerable versions = 2.4 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4783 Patch priority Medium CVSS severity Medium 6.4 Developer Claim ownership PSID d89263cd84d3 Credits István Márton...

WordPress FL3R FeelBox Plugin <= 8.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software FL3R FeelBox Type Plugin Vulnerable versions = 8.1 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-4553 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID 95a213692f20 Credits WPScan Required privilege...

WordPress club-theme Theme < 10 is vulnerable to Arbitrary File Upload

Software club-theme Type Theme Vulnerable versions 10 Fixed in N/A OWASP Top 10 A6: Security Misconfiguration Classification Arbitrary File Upload CVE CVE-2022-0316 Patch priority High CVSS severity High 10 Developer Claim ownership PSID c1148e89d858 Credits Joshua Small Required privilege...

WordPress 10Web Map Builder for Google Maps Plugin < 1.0.72 is vulnerable to Cross Site Scripting (XSS)

Software 10Web Map Builder for Google Maps Type Plugin Vulnerable versions 1.0.72 Fixed in 1.0.72 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4758 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 6eb19701ed4e Credits...

WordPress Store Locator WordPress Plugin < 1.4.9 is vulnerable to Cross Site Scripting (XSS)

Software Store Locator WordPress Type Plugin Vulnerable versions 1.4.9 Fixed in 1.4.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4832 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 643ae0b35cd8 Credits István Márto...

WordPress BruteBank – WP Security & Firewall Plugin < 1.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software BruteBank – WP Security & Firewall Type Plugin Vulnerable versions 1.9 Fixed in 1.9 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-4443 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 6404457f092f Credits rezadut...

WordPress WHA Puzzle plugin <= 1.0.9 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress WHA Puzzle plugin versions = 1.0.9. Solution No patched version available...