WordPress Tarot Card Oracle Plugin < 1.1.6 is vulnerable to Cross Site Scripting (XSS)

Software Tarot Card Oracle Type Plugin Vulnerable versions 1.1.6 Fixed in 1.1.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1007403ec245 Credits Rafie Muhammad Patchstack Requir...

WordPress B Blocks - The ultimate block collection Plugin < 1.7.8 is vulnerable to Cross Site Scripting (XSS)

Software B Blocks - The ultimate block collection Type Plugin Vulnerable versions 1.7.8 Fixed in 1.7.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7a29938020aa Credits Rafie...

WordPress ProfileGrid Plugin <= 5.5.2 is vulnerable to Broken Access Control

Software ProfileGrid Type Plugin Vulnerable versions = 5.5.2 Fixed in 5.5.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-3714 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 163433ba9759 Credits Lana Codes Required privilege...

WordPress MultiParcels Shipping For WooCommerce Plugin < 1.14.15 is vulnerable to SQL Injection

Software MultiParcels Shipping For WooCommerce Type Plugin Vulnerable versions 1.14.15 Fixed in 1.14.15 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-2843 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 3e93313a1e18 Credits Dao Xuan Hieu Required...

WordPress HM Logo Showcase – Slider & Grid Plugin < 2.0.4 is vulnerable to Cross Site Scripting (XSS)

Software HM Logo Showcase – Slider & Grid Type Plugin Vulnerable versions 2.0.4 Fixed in 2.0.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d6a5f366444f Credits Rafie Muhammad...

WordPress Dreamfox Media Shipping gateway per Product for Woocommerce Plugin < 2.3.3 is vulnerable to Cross Site Scripting (XSS)

Software Dreamfox Media Shipping gateway per Product for Woocommerce Type Plugin Vulnerable versions 2.3.3 Fixed in 2.3.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 34683916968...

WordPress Dreamfox Media Payment gateway per Product for Woocommerce Plugin < 3.2.7 is vulnerable to Cross Site Scripting (XSS)

Software Dreamfox Media Payment gateway per Product for Woocommerce Type Plugin Vulnerable versions 3.2.7 Fixed in 3.2.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f228b3d2c1e8...

WordPress Caxton – Create Pro page layouts in Gutenberg Plugin <= 1.30.0 is vulnerable to Cross Site Scripting (XSS)

Software Caxton – Create Pro page layouts in Gutenberg Type Plugin Vulnerable versions = 1.30.0 Fixed in 1..30.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID bc703d7f6810 Credits...

WordPress License Manager for WooCommerce Plugin <= 2.2.9 is vulnerable to Cross Site Scripting (XSS)

Software License Manager for WooCommerce Type Plugin Vulnerable versions = 2.2.9 Fixed in 2.2.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 24ad0c80c991 Credits Rafie Muhammad...

WordPress YARPP Plugin <= 5.30.3 is vulnerable to Cross Site Scripting (XSS)

Software YARPP Type Plugin Vulnerable versions = 5.30.3 Fixed in 5.30.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2433 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a7d49568bb15 Credits Lana Codes Required privilege...

WordPress Material Design for Contact Form 7 Plugin <= 2.6.5 is vulnerable to Cross Site Scripting (XSS)

Software Material Design for Contact Form 7 Type Plugin Vulnerable versions = 2.6.5 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 99dee6925b46 Credits Rafie Muhammad...

WordPress Live Drag and Drop Builder for Contact Form 7 Plugin < 1.2.6 is vulnerable to Cross Site Scripting (XSS)

Software Live Drag and Drop Builder for Contact Form 7 Type Plugin Vulnerable versions 1.2.6 Fixed in 1.2.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f8dcf6b85301 Credits Rafi...

WordPress Video Embed & Thumbnail Generator Plugin < 4.8.11 is vulnerable to Cross Site Scripting (XSS)

Software Video Embed & Thumbnail Generator Type Plugin Vulnerable versions 4.8.11 Fixed in 4.8.11 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 593159c2fc96 Credits Rafie Muhammad...

WordPress Royal Elementor Addons Plugin <= 1.3.70 is vulnerable to Sensitive Data Exposure

Software Royal Elementor Addons Type Plugin Vulnerable versions = 1.3.70 Fixed in 1.3.71 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-3709 Patch priority Low CVSS severity Low 5.3 Developer WProyal PSID 0083800052cc Credits Ulyses Saicha Required...

WordPress Easy Social Photos Gallery – MIF Plugin <= 3.1.1 is vulnerable to Cross Site Scripting (XSS)

Software Easy Social Photos Gallery – MIF Type Plugin Vulnerable versions = 3.1.1 Fixed in 3.1.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 98fee6271dba Credits Rafie Muhammad...

WordPress Postcode Redirect Plugin <= 4.4.1 is vulnerable to Cross Site Scripting (XSS)

Software Postcode Redirect Type Plugin Vulnerable versions = 4.4.1 Fixed in 5.0.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2d5e1edfc5f4 Credits Rafie Muhammad Patchstack...

WordPress RSS feed with featured images | RSS Chimp Plugin < 1.2.5 is vulnerable to Cross Site Scripting (XSS)

Software RSS feed with featured images | RSS Chimp Type Plugin Vulnerable versions 1.2.5 Fixed in 1.2.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID a074166be2d5 Credits Rafie...

WordPress HM Resume Manager Plugin <= 2.2 is vulnerable to Cross Site Scripting (XSS)

Software HM Resume Manager Type Plugin Vulnerable versions = 2.2 Fixed in 2.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 912793162937 Credits Rafie Muhammad Patchstack Required...

WordPress Radio Station Plugin < 2.5.5 is vulnerable to Cross Site Scripting (XSS)

Software Radio Station Type Plugin Vulnerable versions 2.5.5 Fixed in 2.5.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 51403d09ff9c Credits Rafie Muhammad Patchstack Required...

WordPress Cozy Blocks Plugin <= 1.2.3 is vulnerable to Cross Site Scripting (XSS)

Software Cozy Blocks Type Plugin Vulnerable versions = 1.2.3 Fixed in 1.2.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer CozyThemes PSID 5480a1de59c0 Credits Rafie Muhammad Patchstack Required...