WordPress SSL Mixed Content Fix Plugin <= 3.2.3 is vulnerable to Broken Access Control

Software SSL Mixed Content Fix Type Plugin Vulnerable versions = 3.2.3 Fixed in 3.2.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0958 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f6d89bad3ca9 Credits WordFence Required...

WordPress Quiz And Survey Master Plugin < 8.1.11 is vulnerable to Cross Site Scripting (XSS)

Software Quiz And Survey Master Type Plugin Vulnerable versions 8.1.11 Fixed in 8.1.11 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-3575 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 9853dd82cef9 Credits Andreas Damen...

WordPress Schema Pro Plugin <= 2.7.8 is vulnerable to Broken Access Control

Software Schema Pro Type Plugin Vulnerable versions = 2.7.8 Fixed in 2.7.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-36683 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 77fd92d9030a Credits Rafie Muhammad Patchstack Required...

WordPress Media Library Categories Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS)

Software Media Library Categories Type Plugin Vulnerable versions = 2.0.0 Fixed in 2.0.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-36382 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 3d7aad62f83d Credits Jeong Seong Ho...

WordPress Disabler Plugin <= 3.0.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software Disabler Type Plugin Vulnerable versions = 3.0.3 Fixed in 4.0.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-37998 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID cee9091d2325 Credits Skalucy Required privilege...

WordPress Oxygen Builder Plugin < 4.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Oxygen Builder Type Plugin Vulnerable versions 4.4 Fixed in 4.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-46841 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 25f9e69541d6 Credits RE-ALTER Required privileg...

WordPress WooCommerce Tiered Price Table Plugin <= 3.5.0 is vulnerable to Cross Site Scripting (XSS)

Software WooCommerce Tiered Price Table Type Plugin Vulnerable versions = 3.5.0 Fixed in 3.5.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 9b5f585c6785 Credits Rafie Muhammad...

WordPress Seo Optimized Images Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)

Software Seo Optimized Images Type Plugin Vulnerable versions = 2.0 Fixed in 2.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 4f8787b2dacc Credits Rafie Muhammad Patchstack Required...

WordPress WordPress Editable Posts Table for the Frontend Plugin < 2.4.28 is vulnerable to Cross Site Scripting (XSS)

Software WordPress Editable Posts Table for the Frontend Type Plugin Vulnerable versions 2.4.28 Fixed in 2.4.28 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7f8dbd4fe9f8 Credits...

WordPress Post Slider and Carousel with Widget – A Responsive Post Slider Plugin < 3.2.1 is vulnerable to Cross Site Scripting (XSS)

Software Post Slider and Carousel with Widget – A Responsive Post Slider Type Plugin Vulnerable versions 3.2.1 Fixed in 3.2.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID...

WordPress Lightbox – EverlightBox Gallery Plugin < 1.2.0 is vulnerable to Cross Site Scripting (XSS)

Software Lightbox – EverlightBox Gallery Type Plugin Vulnerable versions 1.2.0 Fixed in 1.2.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID a0f3c1713753 Credits Rafie Muhammad...

WordPress Advanced USPS Shipping Method Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software Advanced USPS Shipping Method Type Plugin Vulnerable versions = 1.0.1 Fixed in 1.0.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID a753901c3acc Credits Rafie Muhammad...

WordPress Add Tiktok Pixel for Tiktok ads (+Woocommerce) Plugin < 1.2.7 is vulnerable to Cross Site Scripting (XSS)

Software Add Tiktok Pixel for Tiktok ads +Woocommerce Type Plugin Vulnerable versions 1.2.7 Fixed in 1.2.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 92194b39a569 Credits Rafie...

WordPress Delete Duplicate Posts Plugin < 4.8.9 is vulnerable to Cross Site Scripting (XSS)

Software Delete Duplicate Posts Type Plugin Vulnerable versions 4.8.9 Fixed in 4.8.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer CleverPlugins.com PSID 697dcfa11c60 Credits Rafie Muhammad Patchstack...

WordPress Floating Awesome Button Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS)

Software Floating Awesome Button Type Plugin Vulnerable versions = 1.6.1 Fixed in 1.7.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID a554276c1f96 Credits Rafie Muhammad Patchstac...

WordPress Backup Bolt Plugin <= 1.1.3 is vulnerable to Cross Site Scripting (XSS)

Software Backup Bolt Type Plugin Vulnerable versions = 1.1.3 Fixed in 1.2.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6cdb95fd5dfc Credits Rafie Muhammad Patchstack Required...

WordPress Da Reactions Plugin < 4.0.4 is vulnerable to Cross Site Scripting (XSS)

Software Da Reactions Type Plugin Vulnerable versions 4.0.4 Fixed in 4.0.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b1c0a39d27ab Credits Rafie Muhammad Patchstack Required...

WordPress Coming Soon Plugin <= 1.5.9 is vulnerable to SQL Injection

Software Coming Soon Type Plugin Vulnerable versions = 1.5.9 Fixed in 1.6.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2022-46849 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 0a93f0e48b26 Credits Le Ngoc Anh Required privilege Administrator Publishe...

WordPress My Content Management Plugin <= 1.7.6 is vulnerable to Cross Site Scripting (XSS)

Software My Content Management Type Plugin Vulnerable versions = 1.7.6 Fixed in 1.7.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-34377 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID f6e3eb68e74c Credits emad Required...

WordPress Icegram Plugin < 3.1.12 is vulnerable to Cross Site Scripting (XSS)

Software Icegram Type Plugin Vulnerable versions 3.1.12 Fixed in 3.1.12 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2398 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 94f0d322a79a Credits Erwan LR WPScan Required...