273 matches found
WordPress WP Meta SEO Plugin <= 4.5.2 is vulnerable to SQL Injection
Software WP Meta SEO Type Plugin Vulnerable versions = 4.5.2 Fixed in 4.5.3 OWASP Top 10 A1: Injection Classification SQL Injection CVE N/A Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID ed22c0b021d4 Credits WordFence Required privilege Subscriber Published 23 February,...
WordPress Portfolio – WordPress Portfolio Plugin Plugin <= 2.8.10 is vulnerable to Cross Site Scripting (XSS)
Software Portfolio – WordPress Portfolio Plugin Type Plugin Vulnerable versions = 2.8.10 Fixed in 2.8.11 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23685 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 518a0520e6c9 Credit...
WordPress Auto Affiliate Links Plugin <= 6.2.1.5 is vulnerable to Privilege Escalation
Software Auto Affiliate Links Type Plugin Vulnerable versions = 6.2.1.5 Fixed in 6.2.1.6 OWASP Top 10 A5: Broken Access Control Classification Privilege Escalation CVE CVE-2022-45840 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 552906959004 Credits Nguyen Anh Tien...
WordPress Email Subscribers & Newsletters Plugin <= 5.5.2 is vulnerable to CSV Injection
Software Email Subscribers & Newsletters Type Plugin Vulnerable versions = 5.5.2 Fixed in 5.5.3 OWASP Top 10 A1: Injection Classification CSV Injection CVE CVE-2022-45810 Patch priority Low CVSS severity Low 6.1 Developer Claim ownership PSID bc18fb9ece3e Credits Mika Required privilege...
WordPress WordPress Comments Import & Export Plugin <= 2.3.1 is vulnerable to CSV Injection
Software WordPress Comments Import & Export Type Plugin Vulnerable versions = 2.3.1 Fixed in 2.3.2 OWASP Top 10 A1: Injection Classification CSV Injection CVE CVE-2022-45370 Patch priority Low CVSS severity Low 6.1 Developer Claim ownership PSID aa57ae50e983 Credits Mika Required privilege...
WordPress Olevmedia Shortcodes Plugin <= 1.1.9 is vulnerable to Cross Site Scripting (XSS)
Software Olevmedia Shortcodes Type Plugin Vulnerable versions = 1.1.9 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0168 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 576499d3655f Credits István Márton...
WordPress Glossary Plugin <= 2.1.27 is vulnerable to Cross Site Scripting (XSS)
Software Glossary Type Plugin Vulnerable versions = 2.1.27 Fixed in 2.1.28 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-24378 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7470ca4b443e Credits Rafshanzani Suhada Required...
WordPress Intuitive Custom Post Order Plugin <= 3.1.3 is vulnerable to Broken Access Control
Software Intuitive Custom Post Order Type Plugin Vulnerable versions = 3.1.3 Fixed in 3.1.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-4385 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 582d2859794c Credits Yuya Kotake...
WordPress Judge.me Product Reviews for WooCommerce Plugin < 1.3.21 is vulnerable to Cross Site Scripting (XSS)
Software Judge.me Product Reviews for WooCommerce Type Plugin Vulnerable versions 1.3.21 Fixed in 1.3.21 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0061 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 7fda1dafd296...
WordPress Simple URLs Plugin < 115 is vulnerable to SQL Injection
Software Simple URLs Type Plugin Vulnerable versions 115 Fixed in 115 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0098 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID ce05d13c3118 Credits dc11 Required privilege Subscriber Published 17 January,...
WordPress Easy Digital Downloads Plugin <= 3.1.0.3 is vulnerable to SQL Injection
Software Easy Digital Downloads Type Plugin Vulnerable versions = 3.1.0.3 Fixed in 3.1.0.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-23489 Patch priority High CVSS severity High 8.2 Developer Claim ownership PSID 8ebed23bcf9a Credits Joshua Martinelle Required privilege...
WordPress WP Blog and Widget Plugin < 2.3.1 is vulnerable to Cross Site Scripting (XSS)
Software WP Blog and Widget Type Plugin Vulnerable versions 2.3.1 Fixed in 2.3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4824 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID db9b8648db51 Credits Lana Codes Requir...
WordPress Post Grid, Post Carousel, & List Category Posts – by Smart Post Show Plugin < 2.3.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software Post Grid, Post Carousel, & List Category Posts – by Smart Post Show Type Plugin Vulnerable versions 2.3.5 Fixed in 2.3.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID...