WordPress Booster Elite for WooCommerce Plugin < 7.1.3 is vulnerable to Content Injection

Software Booster Elite for WooCommerce Type Plugin Vulnerable versions 7.1.3 Fixed in 7.1.3 OWASP Top 10 A1: Broken Access Control Classification Content Injection CVE CVE-2023-51511 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 1e2bd30a7dcc Credits Dave Jong...

WordPress Spam protection, AntiSpam, FireWall by CleanTalk Plugin <= 6.20 is vulnerable to Cross Site Request Forgery (CSRF)

Software Spam protection, AntiSpam, FireWall by CleanTalk Type Plugin Vulnerable versions = 6.20 Fixed in 6.21 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-51535 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID...

[SECURITY] Fedora 39 Update: python3.9-3.9.18-3.fc39

Python 3.9 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, see other distributions that support it, such as CentOS or RHEL or older Fedo...

WordPress User Feedback Plugin <= 1.0.10 is vulnerable to Broken Access Control

Software User Feedback Type Plugin Vulnerable versions = 1.0.10 Fixed in 1.0.11 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-50887 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 72613a1d0e22 Credits Revan Arifio Required privile...

WordPress EmbedPress Plugin <= 3.8.3 is vulnerable to Broken Access Control

Software EmbedPress Type Plugin Vulnerable versions = 3.8.3 Fixed in 3.8.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-51375 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID b1e657828f4d Credits Abdi Pranata Required...

WordPress TheGem Theme <= 5.9.1 is vulnerable to Cross Site Scripting (XSS)

Software TheGem Type Theme Vulnerable versions = 5.9.1 Fixed in 5.9.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-50892 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e038c2e19876 Credits Rafie Muhammad Patchstack Required privile...

WordPress Essential Blocks for Gutenberg Plugin <= 4.2.0 is vulnerable to Broken Access Control

Software Essential Blocks for Gutenberg Type Plugin Vulnerable versions = 4.2.0 Fixed in 4.2.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-51360 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID aa89b26b64fb Credits Rafie Muhamm...

JVN#32646742: Multiple vulnerabilities in PowerCMS

PowerCMS provided by Alfasado Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability in the management screen CWE-79 - CVE-2023-49117 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2|...

WordPress Sirv Plugin <= 7.1.2 is vulnerable to Broken Access Control

Software Sirv Type Plugin Vulnerable versions = 7.1.2 Fixed in 7.1.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-50898 Patch priority Low CVSS severity Low 5.4 Developer Sirv PSID 96bd93b7e6bb Credits Abdi Pranata Required privilege Subscriber Publishe...

WordPress Product Catalog Enquiry for WooCommerce by MultiVendorX Plugin <= 5.0.2 is vulnerable to Broken Access Control

Software Product Catalog Enquiry for WooCommerce by MultiVendorX Type Plugin Vulnerable versions = 5.0.2 Fixed in 5.0.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-50899 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 1d8bd2186a...

WordPress Product Filter by WBW Plugin <= 2.5.0 is vulnerable to Broken Access Control

Software Product Filter by WBW Type Plugin Vulnerable versions = 2.5.0 Fixed in 2.5.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-50877 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID b4377cfc0c43 Credits Abdi Pranata...

WordPress ProjectHuddle Client Site Plugin <= 1.0.34 is vulnerable to Broken Access Control

Software ProjectHuddle Client Site Type Plugin Vulnerable versions = 1.0.34 Fixed in 1.0.35 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-51376 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 662f316bbcd6 Credits Rafie...

Estatik Real Estate Plugin < 4.1.1 - Unauthenticated PHP Object Injection

Description The plugin unserializes user input via some of its cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget chain is present on the blog PoC To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup...

Estatik Real Estate Plugin < 4.1.1 - Subscriber+ Arbitrary Option Update

Description The plugin does not prevent user with low privileges on the site, like subscribers, from setting any of the site's options to 1, which could be used to break sites and lead to DoS when certain options are reset Run the below command in the developer console of the web browser while...

WordPress Add Any Extension to Pages Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Add Any Extension to Pages Type Plugin Vulnerable versions = 1.4 Fixed in 1.5 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-50873 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID b3821f100fa4 Credits Nguyen Xuan...

WordPress Limit Login Attempts Reloaded Plugin <= 2.25.26 is vulnerable to Cross Site Scripting (XSS)

Software Limit Login Attempts Reloaded Type Plugin Vulnerable versions = 2.25.26 Fixed in 2.25.27 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6934 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2de2d139dd65 Credits Hung...

WordPress RegistrationMagic Plugin <= 5.2.4.5 is vulnerable to SQL Injection

Software RegistrationMagic Type Plugin Vulnerable versions = 5.2.4.5 Fixed in 5.2.4.6 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-50846 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 9ebe43b2d455 Credits Muhammad Daffa Required privilege...

WordPress Simply Schedule Appointments Plugin < 1.6.6.1 is vulnerable to SQL Injection

Software Simply Schedule Appointments Type Plugin Vulnerable versions 1.6.6.1 Fixed in 1.6.6.1 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-50851 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID a0f5e904e5c2 Credits Muhammad Daffa Required privilege...

WordPress Welcart e-Commerce Plugin <= 2.9.3 is vulnerable to SQL Injection

Software Welcart e-Commerce Type Plugin Vulnerable versions = 2.9.3 Fixed in 2.9.4 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-50847 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 04a7c6fd4f27 Credits Muhammad Daffa Required privilege Editor...

WordPress Photo Gallery by 10Web Plugin <= 1.8.18 is vulnerable to Cross Site Scripting (XSS)

Software Photo Gallery by 10Web Type Plugin Vulnerable versions = 1.8.18 Fixed in 1.8.19 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6924 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 0bcf8b758508 Credits István Márton...