WordPress Elementor Website Builder Plugin 3.3.0-3.18.1 is vulnerable to Arbitrary File Upload

Software Elementor Website Builder Type Plugin Vulnerable versions 3.3.0-3.18.1 Fixed in 3.18.2 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2023-48777 Patch priority High CVSS severity High 9.9 Developer Elementor PSID 64baf5c2aab5 Credits Hồng Quân luk6785 at VNPT-VCI...

WordPress Burst Statistics Pro Plugin 1.4.0-1.5.0 is vulnerable to SQL Injection

Software Burst Statistics Pro Type Plugin Vulnerable versions 1.4.0-1.5.0 Fixed in 1.5.1 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-5761 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID fbf5617c0e05 Credits German Ritter Required privilege...

WordPress Cookie Bar Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)

Software Cookie Bar Type Plugin Vulnerable versions = 2.0 Fixed in 2.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49836 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 703ecb793ab1 Credits Muhammad Daffa Required privilege Administrator...

WordPress Soledad Theme <= 8.4.1 is vulnerable to SQL Injection

Software Soledad Type Theme Vulnerable versions = 8.4.1 Fixed in 8.4.2 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-49825 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID a78a84399460 Credits Rafie Muhammad Patchstack Required privilege...

WordPress Fix My Feed RSS Repair Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Fix My Feed RSS Repair Type Plugin Vulnerable versions = 1.4 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-49816 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 5bdeb04c02b0 Credits Nguyen Xuan Chie...

WordPress Spectra Plugin <= 2.7.9 is vulnerable to Cross Site Scripting (XSS)

Software Spectra Type Plugin Vulnerable versions = 2.7.9 Fixed in 2.7.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49833 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 70385286c341 Credits Rafie Muhammad Patchstack Required privilege...

WordPress Soledad Theme <= 8.4.1 is vulnerable to PHP Object Injection

Software Soledad Type Theme Vulnerable versions = 8.4.1 Fixed in 8.4.2 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2023-49826 Patch priority Medium CVSS severity Medium 8.1 Developer Claim ownership PSID c3ecdbf607cb Credits Rafie Muhammad Patchstack Required privilege...

WordPress Ultimate Dashboard Plugin <= 3.7.10 is vulnerable to Bypass Vulnerability

Software Ultimate Dashboard Type Plugin Vulnerable versions = 3.7.10 Fixed in 3.7.11 OWASP Top 10 A4: Insecure Design Classification Bypass Vulnerability CVE CVE-2023-49822 Patch priority Low CVSS severity Low 3.7 Developer Claim ownership PSID 9e9819724a52 Credits Naveen Muthusamy Required...

WordPress Structured Content Plugin <= 1.5.3 is vulnerable to Cross Site Scripting (XSS)

Software Structured Content Type Plugin Vulnerable versions = 1.5.3 Fixed in 1.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49820 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4db95a68f57c Credits LVT-tholv2k Required privilege...

WordPress MW WP Form Plugin <= 5.0.1 is vulnerable to Arbitrary File Upload

Software MW WP Form Type Plugin Vulnerable versions = 5.0.1 Fixed in 5.0.2 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-6316 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 597833164ec3 Credits István Márton Required privilege Unauthenticat...

WordPress WP Photo Album Plus Plugin <= 8.5.02.005 is vulnerable to Bypass Vulnerability

Software WP Photo Album Plus Type Plugin Vulnerable versions = 8.5.02.005 Fixed in 8.6.01.005 OWASP Top 10 A1: Broken Access Control Classification Bypass Vulnerability CVE CVE-2023-49774 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 23d1af6fe73e Credits Brandon Roldan...

WordPress LiveChat Plugin <= 4.5.15 is vulnerable to Cross Site Request Forgery (CSRF)

Software LiveChat Type Plugin Vulnerable versions = 4.5.15 Fixed in 4.5.16 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-49821 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID fc152f3c5a19 Credits Brandon Roldan Required...

WordPress Advanced Database Cleaner Plugin <= 3.1.2 is vulnerable to SQL Injection

Software Advanced Database Cleaner Type Plugin Vulnerable versions = 3.1.2 Fixed in 3.1.3 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-49764 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 18ca57291df6 Credits Mika Required privilege Administrator...

WordPress Bulk Edit Post Titles Plugin <= 5.0.0 is vulnerable to Broken Access Control

Software Bulk Edit Post Titles Type Plugin Vulnerable versions = 5.0.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-49754 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID cc6753fe92c9 Credits Nguyen Xuan Chien...

WordPress Adifier System Plugin < 3.1.4 is vulnerable to Local File Inclusion

Software Adifier System Type Plugin Vulnerable versions 3.1.4 Fixed in 3.1.4 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2023-49753 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 193f6f83729d Credits RE-ALTER Required privilege Unauthenticated...

WordPress Dashboard Widgets Suite Plugin <= 3.4.1 is vulnerable to Cross Site Scripting (XSS)

Software Dashboard Widgets Suite Type Plugin Vulnerable versions = 3.4.1 Fixed in 3.4.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49743 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID c6ab0c656b0c Credits Rachit Arora Required privileg...

WordPress Adifier System Plugin < 3.1.4 is vulnerable to SQL Injection

Software Adifier System Type Plugin Vulnerable versions 3.1.4 Fixed in 3.1.4 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-49752 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID bdbcb39edd4b Credits RE-ALTER Required privilege Unauthenticated...

WordPress Couponis Demo Plugin < 2.2 is vulnerable to SQL Injection

Software Couponis Demo Type Plugin Vulnerable versions 2.2 Fixed in 2.2 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-49750 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 697cadbd26d0 Credits RE-ALTER Required privilege Unauthenticated Published 4...

WordPress SureTriggers Plugin <= 1.0.23 is vulnerable to Cross Site Request Forgery (CSRF)

Software SureTriggers Type Plugin Vulnerable versions = 1.0.23 Fixed in 1.0.24 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-49749 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 11a6f0afd634 Credits Rafie Muhammad...

WordPress WP Booking System Plugin <= 2.0.19.2 is vulnerable to Broken Access Control

Software WP Booking System Type Plugin Vulnerable versions = 2.0.19.2 Fixed in 2.0.19.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-49758 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID b7e70f6e3332 Credits Abdi Pranata...