
7419 matches found

Patchstack
added 2023/11/24 12:0 a.m. | 12 views

WordPress Captcha Code Plugin <= 2.9 is vulnerable to Bypass Vulnerability

Software Captcha Code Type Plugin Vulnerable versions = 2.9 Fixed in 3.0 OWASP Top 10 A5: Security Misconfiguration Classification Bypass Vulnerability CVE CVE-2023-48745 Patch priority Low CVSS severity Low 5.3 Developer WebFactory Ltd. PSID c2ae3ab19d4d Credits qilin99 Required privilege...

5.3 CVSS | 7 AI score | 0.00114 EPSS
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2023/11/23 12:0 a.m. | 8 views

WordPress Easy Social Feed Plugin <= 6.5.1 is vulnerable to Broken Access Control

Software Easy Social Feed Type Plugin Vulnerable versions = 6.5.1 Fixed in 6.5.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-48740 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 1c5273124850 Credits Abdi Pranata Required...

6.8 AI score | 0.00148 EPSS
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2023/11/23 12:0 a.m. | 13 views

WordPress Porto Theme - Functionality Plugin < 2.12.1 is vulnerable to Broken Access Control

Software Porto Theme - Functionality Type Plugin Vulnerable versions 2.12.1 Fixed in 2.12.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-48739 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID aa73939ac882 Credits Rafie...

6.8 AI score | 0.0021 EPSS
Exploits 0 | References 1 | Affected Software 1
wpexploit
added 2023/11/23 12:0 a.m. | 177 views

Slider - Ultimate Responsive Image Slider < 3.5.12 - Subscriber+ Arbitrary Post Access

Description The plugin does not ensure that posts to be accessed via an AJAX action are slides and can be viewed by the user making the request, allowing any authenticated user, such as a subscriber, to access the content of arbitrary posts, such as private, draft and password-protected posts. Run the below...

6.5 CVSS | 6.9 AI score | 0.00261 EPSS
Exploits 2
WPVulnDB
added 2023/11/23 12:0 a.m. | 26 views

Slider - Ultimate Responsive Image Slider < 3.5.12 - Subscriber+ Arbitrary Post Access

Description The plugin does not ensure that posts to be accessed via an AJAX action are slides and can be viewed by the user making the request, allowing any authenticated user, such as a subscriber, to access the content of arbitrary posts, such as private, draft and password-protected posts. PoC Run the belo...

6.5 CVSS | 6.7 AI score | 0.00261 EPSS
Exploits 2 | Affected Software 1
Patchstack
added 2023/11/23 12:0 a.m. | 9 views

WordPress WordPress Job Board and Recruitment Plugin – JobWP Plugin <= 2.1 is vulnerable to Sensitive Data Exposure

Software WordPress Job Board and Recruitment Plugin – JobWP Type Plugin Vulnerable versions = 2.1 Fixed in 2.2 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-48288 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID be9397d42d03...

7.5 CVSS | 6.8 AI score | 0.00618 EPSS
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2023/11/23 12:0 a.m. | 8 views

WordPress Awesome Support Plugin <= 6.1.4 is vulnerable to Broken Access Control

Software Awesome Support Type Plugin Vulnerable versions = 6.1.4 Fixed in 6.1.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-48324 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 3ccfaf9111b5 Credits thiennv Required privilege...

6.9 AI score | 0.00107 EPSS
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2023/11/23 12:0 a.m. | 9 views

WordPress MyBookTable Bookstore Plugin <= 3.3.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software MyBookTable Bookstore Type Plugin Vulnerable versions = 3.3.4 Fixed in 3.3.5 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-48331 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ac06dff1976c Credits Nguyen Xuan...

8.8 CVSS | 7 AI score | 0.00171 EPSS
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2023/11/23 12:0 a.m. | 10 views

WordPress Awesome Support Plugin <= 6.1.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Awesome Support Type Plugin Vulnerable versions = 6.1.4 Fixed in 6.1.5 OWASP Top 10 A2: Broken Authentication Classification Cross Site Request Forgery CSRF CVE CVE-2023-48323 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID afdaccd9618c Credits thiennv Required...

8.8 CVSS | 7 AI score | 0.00171 EPSS
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2023/11/22 12:0 a.m. | 4 views

WordPress The Events Calendar Plugin < 6.2.8.1 is vulnerable to Sensitive Data Exposure

Software The Events Calendar Type Plugin Vulnerable versions 6.2.8.1 Fixed in 6.2.8.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Liquid Web / StellarWP PSID fb9bc5b80294 Credits Krzysztof Zając Require...

6.9 AI score
Exploits 0 | References 3 | Affected Software 1
Patchstack
added 2023/11/22 12:0 a.m. | 8 views

WordPress Widgets for Google Reviews Plugin <= 11.0.2 is vulnerable to Arbitrary File Upload

Software Widgets for Google Reviews Type Plugin Vulnerable versions = 11.0.2 Fixed in 11.1 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2023-48275 Patch priority Medium CVSS severity Medium 8 Developer Claim ownership PSID 5e436d044590 Credits Rafie Muhammad Patchstack...

8 CVSS | 7.2 AI score | 0.0048 EPSS
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2023/11/22 12:0 a.m. | 11 views

WordPress Autocomplete Location field Contact Form 7 Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)

Software Autocomplete Location field Contact Form 7 Type Plugin Vulnerable versions = 2.0 Fixed in 3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5005 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 4890d8d7c0c3 Credits B...

4.8 CVSS | 6 AI score | 0.00086 EPSS
Exploits 2 | References 3 | Affected Software 1
Patchstack
added 2023/11/21 12:0 a.m. | 8 views

WordPress Perfmatters Plugin < 2.2.0 is vulnerable to Cross Site Scripting (XSS)

Software Perfmatters Type Plugin Vulnerable versions 2.2.0 Fixed in 2.2.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-47877 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 95a1cb6cdea5 Credits Dave Jong Patchstack Required privileg...

6.5 CVSS | 6.8 AI score | 0.00181 EPSS
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2023/11/21 12:0 a.m. | 23 views

WordPress Userpro Plugin <= 5.1.4 is vulnerable to Privilege Escalation

Software Userpro Type Plugin Vulnerable versions = 5.1.4 Fixed in 5.1.5 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2023-6009 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 7046ef9feaa8 Credits István Márton Required privilege...

8.8 CVSS | 6.8 AI score | 0.00153 EPSS
Exploits 2 | References 2 | Affected Software 1
Patchstack
added 2023/11/20 12:0 a.m. | 13 views

WordPress WP Child Theme Generator Plugin <= 1.1.2 is vulnerable to Arbitrary File Upload

Software WP Child Theme Generator Type Plugin Vulnerable versions = 1.1.2 Fixed in 1.1.3 OWASP Top 10 A4: Insecure Design Classification Arbitrary File Upload CVE CVE-2023-47873 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID e915ca3d162f Credits Dateoljo of BoB 12th...

9.1 CVSS | 6.9 AI score | 0.12957 EPSS
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2023/11/20 12:0 a.m. | 21 views

WordPress wpForo Forum Plugin <= 2.2.3 is vulnerable to Cross Site Scripting (XSS)

Software wpForo Forum Type Plugin Vulnerable versions = 2.2.3 Fixed in 2.2.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-47872 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID da62b115c79c Credits Jesse McNeil Required privilege...

6.5 CVSS | 6.8 AI score | 0.00181 EPSS
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2023/11/20 12:0 a.m. | 8 views

WordPress CataBlog Plugin <= 1.7.0 is vulnerable to Arbitrary File Upload

Software CataBlog Type Plugin Vulnerable versions = 1.7.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2023-47842 Patch priority Medium CVSS severity Medium 9.1 Developer Claim ownership PSID ca3ef4e541ae Credits Rafie Muhammad Patchstack Required privilege...

9.1 CVSS | 6.8 AI score | 0.00457 EPSS
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2023/11/20 12:0 a.m. | 13 views

WordPress Contact Form to Any API Plugin <= 1.1.6 is vulnerable to Broken Access Control

Software Contact Form to Any API Type Plugin Vulnerable versions = 1.1.6 Fixed in 1.1.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-47871 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 81c0f0123458 Credits Arvandy Require...

6.8 AI score | 0.00123 EPSS
Exploits 2 | References 2 | Affected Software 1
Patchstack
added 2023/11/20 12:0 a.m. | 16 views

WordPress wpForo Forum Plugin <= 2.2.5 is vulnerable to Content Injection

Software wpForo Forum Type Plugin Vulnerable versions = 2.2.5 Fixed in 2.2.6 OWASP Top 10 A1: Broken Access Control Classification Content Injection CVE CVE-2023-47869 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e9607ec97842 Credits Jesse McNeil Required privilege...

6.9 AI score | 0.00189 EPSS
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2023/11/20 12:0 a.m. | 6 views

WordPress BlossomThemes Email Newsletter Plugin <= 2.2.4 is vulnerable to Broken Access Control

Software BlossomThemes Email Newsletter Type Plugin Vulnerable versions = 2.2.4 Fixed in 2.2.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-47849 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 051053384c38 Credits Abdi...

6.5 AI score | 0.00259 EPSS
Exploits 0 | References 2 | Affected Software 1