WordPress Conversios.io Plugin <= 6.5.3 is vulnerable to Cross Site Scripting (XSS)

Software Conversios.io Type Plugin Vulnerable versions = 6.5.3 Fixed in 6.5.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-46094 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID fb9e0ece864f Credits Phd Required privilege Unauthenticated...

WordPress Userback Plugin <= 1.0.13 is vulnerable to Cross Site Request Forgery (CSRF)

Software Userback Type Plugin Vulnerable versions = 1.0.13 Fixed in 1.0.14 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-46089 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ca0e03655d57 Credits LEE SE HYOUNG...

WordPress Themify Ultra Theme <= 7.3.5 is vulnerable to Privilege Escalation

Software Themify Ultra Type Theme Vulnerable versions = 7.3.5 Fixed in 7.3.6 OWASP Top 10 A2: Broken Authentication Classification Privilege Escalation CVE CVE-2023-46145 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 23dc050c5700 Credits Rafie Muhammad Patchstack...

WordPress File Manager Pro Plugin < 1.8.1 is vulnerable to Remote Code Execution (RCE)

Software File Manager Pro Type Plugin Vulnerable versions 1.8.1 Fixed in 1.8.1 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-4861 Patch priority Low CVSS severity Low 8.2 Developer Claim ownership PSID cd77a490f9de Credits Alex Sanford Required privilege...

WordPress File Uploader Plugin < 4.23.3 is vulnerable to Cross Site Scripting (XSS)

Software File Uploader Type Plugin Vulnerable versions 4.23.3 Fixed in 4.23.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4811 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 1623a29c06e5 Credits FAIYAZ AHMAD Required...

WordPress Custom post types Plugin <= 5.0.2 is vulnerable to Cross Site Scripting (XSS)

Software Custom post types Type Plugin Vulnerable versions = 5.0.2 Fixed in 5.0.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32116 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID de51dde21ff9 Credits Taihei Shimamine...

WordPress The Awesome Feed – Custom Feed Plugin <= 2.2.5 is vulnerable to Cross Site Scripting (XSS)

Software The Awesome Feed – Custom Feed Type Plugin Vulnerable versions = 2.2.5 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-46077 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID bf6946983fa1 Credits Nguy...

WordPress Ashe Extra Plugin <= 1.2.9 is vulnerable to Broken Access Control

Software Ashe Extra Type Plugin Vulnerable versions = 1.2.9 Fixed in 1.2.92 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-46079 Patch priority Low CVSS severity Low 5.4 Developer WProyal PSID 9a7abfde0bc8 Credits Jonas Höbenreich Required privilege...

WordPress Lava Directory Manager Plugin <= 1.1.34 is vulnerable to Cross Site Scripting (XSS)

Software Lava Directory Manager Type Plugin Vulnerable versions = 1.1.34 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-46081 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f0161d7b2655 Credits Emili...

WordPress EG-Attachments Plugin <= 2.1.3 is vulnerable to Cross Site Scripting (XSS)

Software EG-Attachments Type Plugin Vulnerable versions = 2.1.3 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-46070 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 04006798b0e0 Credits Le Ngoc Anh Required...

The vulnerability of Mixed Reality Developer Tools for Windows operating systems, which allows a hacker to trigger a service failure.

The vulnerability of Mixed Reality Developer Tools for Windows operating systems is related to improper resource cleanup. Exploiting this vulnerability can allow a malicious actor to cause service failures...

Gutenberg < 16.8.1 - Contributor+ Stored XSS

Description The plugin does not adequately escape the content of the footnotes within the paragraph block of the block editor, leading to a Contributor+ Cross-Site Scripting vulnerability. 1. Create a new post as a Contributor user. 2. Add a paragraph block and add a footnote to the paragraph. 3...

Gutenberg < 16.8.1 - Contributor+ Stored XSS

Description The plugin does not adequately escape the content of the footnotes within the paragraph block of the block editor, leading to a Contributor+ Cross-Site Scripting vulnerability. PoC 1. Create a new post as a Contributor user. 2. Add a paragraph block and add a footnote to the...

WordPress Newsletter & Bulk Email Sender Plugin <= 2.0.1 is vulnerable to Cross Site Scripting (XSS)

Software Newsletter & Bulk Email Sender Type Plugin Vulnerable versions = 2.0.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-45829 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 83ca41771be8 Credits thiennv...

WordPress RumbleTalk Live Group Chat Plugin <= 6.2.5 is vulnerable to Broken Access Control

Software RumbleTalk Live Group Chat Type Plugin Vulnerable versions = 6.2.5 Fixed in 6.2.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-45828 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 142311804af3 Credits Mika Require...

WordPress is vulnerable to Broken Access Control

Software WordPress Type WordPress Core Vulnerable versions 6.3.2 Fixed in 6.3.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-39999 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 145475520c6c Credits Rafie Muhammad Patchstack...

WordPress ChatBot Plugin <= 4.8.9 is vulnerable to SQL Injection

Software ChatBot Type Plugin Vulnerable versions = 4.8.9 Fixed in 4.9.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5204 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID d9d43b0258cf Credits Marco Wotschka Required privilege Unauthenticated...

WordPress WP ERP Plugin <= 1.12.6 is vulnerable to Broken Access Control

Software WP ERP Type Plugin Vulnerable versions = 1.12.6 Fixed in 1.12.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-45765 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID eeeca321fd76 Credits Abdi Pranata Required privileg...

WordPress Poll Maker Plugin <= 4.7.1 is vulnerable to Broken Access Control

Software Poll Maker Type Plugin Vulnerable versions = 4.7.1 Fixed in 4.7.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-45766 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 63dcd5a4b5a6 Credits Revan Arifio Required privilege...

WordPress Nexter Theme <= 2.0.3 is vulnerable to SQL Injection

Software Nexter Type Theme Vulnerable versions = 2.0.3 Fixed in 2.0.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-45657 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID f7e305847a86 Credits Rafie Muhammad Patchstack Required privilege Subscriber...