Lucene search

1078 matches found

Kitploit
added 2023/06/21 12:30 p.m., 70 views

Scanner-and-Patcher - A Web Vulnerability Scanner And Patcher

This tool is very helpful for finding vulnerabilities present in web applications. A web application scanner explores a web application by crawling through its web pages and examines it for security vulnerabilities, which involves generation of malicious inputs and evaluation of application'...

AI score: 8
Exploits: 0, References: 8

Patchstack
added 2023/06/21 12:0 a.m., 9 views

WordPress Mailtree Log Mail Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Software Mailtree Log Mail Type Plugin Vulnerable versions = 1.0.0 Fixed in 1.0.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-3135 Patch priority Low CVSS severity Low 7.2 Developer Claim ownership PSID e74e0d24830e Credits Alex Thomas Required...

CVSS: 7.2, AI score: 5.7, EPSS: 0.00458
Exploits: 0, References: 3, Affected Software: 1

Hacker One
added 2023/06/20 10:2 p.m., 43 views

HackerOne: Internal machine learning API endpoint for CWE classification is vulnerable to path traversal

Vulnerability description not provided...

AI score: 7.1
Exploits: 0

Patchstack
added 2023/06/16 12:0 a.m., 10 views

WordPress LWS Cleaner Plugin <= 2.3.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software LWS Cleaner Type Plugin Vulnerable versions = 2.3.0 Fixed in 2.3.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-35781 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID eac11e5294d8 Credits konagash Required...

CVSS: 8.8, AI score: 6.6, EPSS: 0.00248
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2023/06/15 12:0 a.m., 11 views

WordPress breadcrumb simple Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)

Software breadcrumb simple Type Plugin Vulnerable versions = 1.3 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-35092 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 50a5e1d60df5 Credits Rio Darmawan Required...

CVSS: 5.9, AI score: 5.7, EPSS: 0.00442
Exploits: 1, References: 1, Affected Software: 1

Patchstack
added 2023/06/12 12:0 a.m., 10 views

WordPress WP Mail Catcher Plugin <= 2.1.2 is vulnerable to Cross Site Scripting (XSS)

Software WP Mail Catcher Type Plugin Vulnerable versions = 2.1.2 Fixed in 2.1.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-3080 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 4c3adbc78628 Credits Alex Thomas Required...

CVSS: 7.2, AI score: 5.7, EPSS: 0.00466
Exploits: 0, References: 3, Affected Software: 1

The Hacker News
added 2023/06/08 11:28 a.m., 3 views

How to Improve Your API Security Posture

APIs, more formally known as application programming interfaces, empower apps and microservices to communicate and share data. However, this level of connectivity doesn't come without major risks. Hackers can exploit vulnerabilities in APIs to gain unauthorized access to sensitive data or even ta...

AI score: 7.4
Exploits: 0

Patchstack
added 2023/06/07 12:0 a.m., 18 views

WordPress Directorist Plugin <= 7.5.4 is vulnerable to Broken Access Control

Software Directorist Type Plugin Vulnerable versions = 7.5.4 Fixed in 7.5.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-1889 Patch priority High CVSS severity High 7.2 Developer Claim ownership PSID 3d986c80db6c Credits Alex Thomas Required privilege...

CVSS: 6.5, AI score: 6.4, EPSS: 0.00609
Exploits: 2, References: 3, Affected Software: 1

Patchstack
added 2023/06/02 12:0 a.m., 7 views

WordPress GDPR Cookie Consent Notice Box Plugin <= 1.1.6 is vulnerable to Cross Site Scripting (XSS)

Software GDPR Cookie Consent Notice Box Type Plugin Vulnerable versions = 1.1.6 Fixed in 1.1.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32294 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID e4ea913f3b06 Credits Emili...

CVSS: 5.9, AI score: 5.7, EPSS: 0.00439
Exploits: 1, References: 2, Affected Software: 1

Patchstack
added 2023/05/31 12:0 a.m., 12 views

WordPress Nested Pages Plugin <= 3.2.3 is vulnerable to Broken Access Control

Software Nested Pages Type Plugin Vulnerable versions = 3.2.3 Fixed in 3.2.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-2434 Patch priority Low CVSS severity Low 3.8 Developer Claim ownership PSID 26e414b00090 Credits Lana Codes Required privilege...

CVSS: 3.8, AI score: 6.9, EPSS: 0.00668
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2023/05/30 12:0 a.m., 7 views

WordPress WP Full Auto Tags Manager Plugin <= 2.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP Full Auto Tags Manager Type Plugin Vulnerable versions = 2.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-34024 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e806b57e2695 Credits Elliot Requir...

CVSS: 8.8, AI score: 7, EPSS: 0.00312
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2023/05/30 12:0 a.m., 13 views

WordPress Tutor LMS Plugin <= 2.1.10 is vulnerable to SQL Injection

Software Tutor LMS Type Plugin Vulnerable versions = 2.1.10 Fixed in 2.2.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-25990 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID f1abc8ca80b8 Credits Rafie Muhammad Patchstack Required privilege Tutor...

CVSS: 8.8, AI score: 6.8, EPSS: 0.00679
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2023/05/22 12:0 a.m., 8 views

WordPress Groundhogg Plugin <= 2.7.9.8 is vulnerable to Cross Site Request Forgery (CSRF)

Software Groundhogg Type Plugin Vulnerable versions = 2.7.9.8 Fixed in 2.7.10 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-2736 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID 8080227ecd75 Credits Lana Codes Required...

CVSS: 8, AI score: 6.6, EPSS: 0.00399
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2023/05/18 12:0 a.m., 10 views

WordPress Simple Page Ordering Plugin <= 2.5.0 is vulnerable to Broken Access Control

Software Simple Page Ordering Type Plugin Vulnerable versions = 2.5.0 Fixed in 2.5.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-32798 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID bde37994ef19 Credits Mika Required privilege...

AI score: 6.3, EPSS: 0.00544
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2023/05/11 12:0 a.m., 10 views

WordPress Forget About Shortcode Buttons Plugin <= 2.1.2 is vulnerable to Broken Access Control

Software Forget About Shortcode Buttons Type Plugin Vulnerable versions = 2.1.2 Fixed in 2.1.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-32579 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 97c2cfa92f61 Credits István Márton...

CVSS: 8.8, AI score: 6.6, EPSS: 0.00338
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2023/05/11 12:0 a.m., 9 views

WordPress Bookly Plugin <= 21.7.1 is vulnerable to Arbitrary File Deletion

Software Bookly Type Plugin Vulnerable versions = 21.7.1 Fixed in 21.8 OWASP Top 10 A5: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2023-26526 Patch priority Medium CVSS severity Medium 7.7 Developer Claim ownership PSID a06cfd6ac407 Credits Rafie Muhammad Patchstack...

CVSS: 7.7, AI score: 6.5, EPSS: 0.00912
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2023/05/11 12:0 a.m., 16 views

WordPress Dyslexiefont Free Plugin <= 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Dyslexiefont Free Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-32589 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID fb7c8442b1dc Credits Yash Kanchhal...

CVSS: 8.8, AI score: 7, EPSS: 0.00271
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2023/05/10 12:0 a.m., 13 views

WordPress Custom Field Suite Plugin <= 2.6.2.1 is vulnerable to Cross Site Scripting (XSS)

Software Custom Field Suite Type Plugin Vulnerable versions = 2.6.2.1 Fixed in 2.6.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32515 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 7c463fb33b0b Credits Taihei Shimamine...

CVSS: 5.9, AI score: 5.8, EPSS: 0.00396
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2023/05/08 12:0 a.m., 4 views

WordPress TK Google Fonts GDPR Compliant Plugin <= 2.2.7 is vulnerable to Broken Access Control

Software TK Google Fonts GDPR Compliant Type Plugin Vulnerable versions = 2.2.7 Fixed in 2.2.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID a16b5d1818ee Credits Unknown Required...

AI score: 6.8
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2023/05/05 12:0 a.m., 12 views

WordPress Metform Elementor Contact Form Builder Plugin <= 3.3.0 is vulnerable to Broken Access Control

Software Metform Elementor Contact Form Builder Type Plugin Vulnerable versions = 3.3.0 Fixed in 3.3.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-1843 Patch priority High CVSS severity High 6.5 Developer Wpmet PSID b16a58b44328 Credits Marco Wotschka...

CVSS: 6.5, AI score: 6.4, EPSS: 0.00629
Exploits: 0, References: 3, Affected Software: 1