
7445 matches found

Patchstack
added 2023/08/22 12:0 a.m., 17 views

WordPress JupiterX Core Plugin <= 3.3.8 is vulnerable to Privilege Escalation

Software JupiterX Core Type Plugin Vulnerable versions = 3.3.8 Fixed in 3.4.3 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-38389 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID bb67776164d1 Credits Rafie...

9.8 CVSS, 6.5 AI score, 0.01153 EPSS
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/08/21 12:0 a.m., 8 views

WordPress Save as Image plugin by Pdfcrowd Plugin <= 2.16.0 is vulnerable to Cross Site Scripting (XSS)

Software Save as Image plugin by Pdfcrowd Type Plugin Vulnerable versions = 2.16.0 Fixed in 2.16.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-40665 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID cfe00b0b6985 Credits Mahe...

5.9 CVSS, 5.8 AI score, 0.00335 EPSS
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/08/18 12:0 a.m., 13 views

WordPress Cookies and Content Security Policy Plugin <= 2.15 is vulnerable to Sensitive Data Exposure

Software Cookies and Content Security Policy Type Plugin Vulnerable versions = 2.15 Fixed in 2.16 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-40662 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 1727f4bf0e4c Credits Mika...

7.5 CVSS, 6.6 AI score, 0.00552 EPSS
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/08/18 12:0 a.m., 11 views

WordPress Donations Made Easy – Smart Donations Plugin <= 4.0.12 is vulnerable to Cross Site Scripting (XSS)

Software Donations Made Easy – Smart Donations Type Plugin Vulnerable versions = 4.0.12 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-40664 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f2b34d09c3af...

7.1 CVSS, 5.6 AI score, 0.00351 EPSS
Exploits 0, References 1, Affected Software 1

Patchstack
added 2023/08/18 12:0 a.m., 5 views

WordPress Smart SEO Tool Plugin < 4.0.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Smart SEO Tool Type Plugin Vulnerable versions 4.0.2 Fixed in 4.0.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 7f5302fb053b Credits WordFence Required privilege...

7 AI score
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/08/18 12:0 a.m., 6 views

WordPress Serial Codes Generator and Validator with WooCommerce Support Plugin < 2.4.15 is vulnerable to Cross Site Scripting (XSS)

Software Serial Codes Generator and Validator with WooCommerce Support Type Plugin Vulnerable versions 2.4.15 Fixed in 2.4.15 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID...

5.9 AI score
Exploits 0, References 2, Affected Software 1

NVD
added 2023/08/17 7:15 a.m., 34 views

CVE-2023-3244

The Comments Like Dislike plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the restoresettings function called via an AJAX action in versions up to, and including, 1.2.0. This makes it possible for authenticated attackers with minimal...

4.3 CVSS, 4.9 AI score, 0.00787 EPSS
Exploits 4, References 4

Vulnrichment
added 2023/08/17 6:43 a.m., 17 views

CVE-2023-3244 Comments Like Dislike <= 1.2.0 - Missing Authorization to Authenticated (Subscriber+) Plugin Setting Reset

The Comments Like Dislike plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the restoresettings function called via an AJAX action in versions up to, and including, 1.2.0. This makes it possible for authenticated attackers with minimal...

4.3 CVSS, 6.4 AI score, 0.00787 EPSS
Exploits 4, References 4

Patchstack
added 2023/08/17 12:0 a.m., 9 views

WordPress Brain Power Theme <= 1.2 is vulnerable to Cross Site Scripting (XSS)

Software Brain Power Type Theme Vulnerable versions = 1.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2813 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1eb52f5b8792 Credits Random Robbie Required...

6.1 CVSS, 5.9 AI score, 0.00972 EPSS
Exploits 2, References 3, Affected Software 1

Patchstack
added 2023/08/17 12:0 a.m., 13 views

WordPress CLUEVO LMS, E-Learning Platform Plugin <= 1.10.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software CLUEVO LMS, E-Learning Platform Type Plugin Vulnerable versions = 1.10.0 Fixed in 1.11.0 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-40607 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 43e0be6be22c Credits...

8.8 CVSS, 6.6 AI score, 0.00214 EPSS
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/08/17 12:0 a.m., 13 views

WordPress Typing Effect Plugin <= 1.3.6 is vulnerable to Cross Site Scripting (XSS)

Software Typing Effect Type Plugin Vulnerable versions = 1.3.6 Fixed in 1.3.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-40605 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 92bc3bb12d2e Credits yuyudhn Required privileg...

6.5 CVSS, 5.7 AI score, 0.00309 EPSS
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/08/17 12:0 a.m., 11 views

WordPress RSVPMarker Plugin <= 10.6.6 is vulnerable to Cross Site Scripting (XSS)

Software RSVPMarker Type Plugin Vulnerable versions = 10.6.6 Fixed in 10.6.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-27616 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c71696c6cb5c Credits Muhammad Arsalan...

7.1 CVSS, 5.6 AI score, 0.0033 EPSS
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/08/17 12:0 a.m., 13 views

WordPress RSVPMarker Plugin <= 10.6.6 is vulnerable to Cross Site Scripting (XSS)

Software RSVPMarker Type Plugin Vulnerable versions = 10.6.6 Fixed in 10.6.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-27617 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID e92edda5d46e Credits Muhammad Arsalan Diponegor...

5.9 CVSS, 5.7 AI score, 0.0031 EPSS
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/08/16 12:0 a.m., 12 views

WordPress Blog2Social Plugin <= 7.2.0 is vulnerable to Cross Site Scripting (XSS)

Software Blog2Social Type Plugin Vulnerable versions = 7.2.0 Fixed in 7.2.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-40554 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID bf0b6787bf84 Credits Phd Required privileg...

7.1 CVSS, 5.7 AI score, 0.00352 EPSS
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/08/16 12:0 a.m., 12 views

WordPress Album and Image Gallery plus Lightbox Plugin <= 1.7 is vulnerable to Broken Access Control

Software Album and Image Gallery plus Lightbox Type Plugin Vulnerable versions = 1.7 Fixed in 1.7.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-40200 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 0921c0a66b1c Credits Abdi...

5.8 AI score, 0.00188 EPSS
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/08/16 12:0 a.m., 21 views

WordPress WP Remote Users Sync Plugin <= 1.2.11 is vulnerable to Broken Access Control

Software WP Remote Users Sync Type Plugin Vulnerable versions = 1.2.11 Fixed in 1.2.12 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-4374 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 367f50681d32 Credits Lana Codes Required...

4.3 CVSS, 6.6 AI score, 0.00533 EPSS
Exploits 0, References 3, Affected Software 1

Patchstack
added 2023/08/15 12:0 a.m., 4 views

WordPress Products Quick View for WooCommerce Plugin < 2.3.0 is vulnerable to Broken Access Control

Software Products Quick View for WooCommerce Type Plugin Vulnerable versions 2.3.0 Fixed in 2.3.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID aad335fc32f5 Credits Unknown Required...

6.9 AI score
Exploits 0, References 2, Affected Software 1

OSV
added 2023/08/14 10:15 p.m., 1 views

CVE-2023-21234

In launchConfirmationActivity of ChooseLockSettingsHelper.java, there is a possible way to enable developer options without the lockscreen PIN due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is no...

5.5 CVSS, 5.9 AI score, 0.00074 EPSS
Exploits 0, References 1

NVD
added 2023/08/14 10:15 p.m., 22 views

CVE-2023-21234

In launchConfirmationActivity of ChooseLockSettingsHelper.java, there is a possible way to enable developer options without the lockscreen PIN due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is no...

5.5 CVSS, 5.8 AI score, 0.00074 EPSS
Exploits 0, References 1

Cvelist
added 2023/08/14 9:10 p.m., 15 views

CVE-2023-21234

In launchConfirmationActivity of ChooseLockSettingsHelper.java, there is a possible way to enable developer options without the lockscreen PIN due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is no...

6.5 AI score, 0.00074 EPSS
Exploits 0, References 1