WordPress Custom Base Terms Plugin <= 1.0.2.3 is vulnerable to Cross Site Scripting (XSS)
Software: Custom Base Terms; Type: Plugin; Vulnerable versions: <= 1.0.2.3; Fixed in: 1.0.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-2600; Patch priority: Low; CVSS severity: Low 5.9; PSID: 1a97ca0c054e; Credits: Aymane Mazguiti...
WordPress Custom Field Suite Plugin <= 2.6.2.1 is vulnerable to Cross Site Scripting (XSS)
Software: Custom Field Suite; Type: Plugin; Vulnerable versions: <= 2.6.2.1; Fixed in: 2.6.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-32515; Patch priority: Low; CVSS severity: Low 5.9; PSID: 7c463fb33b0b; Credits: Taihei Shimamine...
WordPress YITH WooCommerce Gift Cards Premium Plugin <= 3.23.1 is vulnerable to Broken Access Control
Software: YITH WooCommerce Gift Cards Premium; Type: Plugin; Vulnerable versions: <= 3.23.1; Fixed in: 3.24.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2022-44633; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 9a5270f7dbc9; Credits...
WordPress Download Monitor Plugin <= 4.7.60 is vulnerable to Sensitive Data Exposure
Software: Download Monitor; Type: Plugin; Vulnerable versions: <= 4.7.60; Fixed in: 4.7.70; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2022-45354; Patch priority: Low; CVSS severity: Low 5.3; Developer: WPChill; PSID: 4dbbcebe007d; Credits: Rafie Muhammad Patchstack...
WordPress GiveWP Plugin <= 2.25.3 is vulnerable to PHP Object Injection
Software: GiveWP; Type: Plugin; Vulnerable versions: <= 2.25.3; Fixed in: 2.26.0; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2023-32513; Patch priority: High; CVSS severity: High 7.5; Developer: Liquid Web / StellarWP; PSID: 8e6fd83cfd05; Credits: Rafie Muhammad Patchstack; Required...
KLA49157 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges and obtain sensitive information. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in SysInternals Sysmon for Windows can be...
WordPress Order Your Posts Manually Plugin <= 2.2.5 is vulnerable to Cross Site Scripting (XSS)
Software: Order Your Posts Manually; Type: Plugin; Vulnerable versions: <= 2.2.5; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-32510; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: fdf3da041b8c; Credits: minhtuana...
JVN#59341308: WordPress Plugin "Newsletter" vulnerable to cross-site scripting
WordPress Plugin "Newsletter" provided by Stefano Lissa & The Newsletter Team contains a cross-site scripting vulnerability (CWE-79). Impact: An arbitrary script may be executed on the web browser of the user who is logging in to WordPress using the plugin. Solution: Update the plugin. Update the...
WordPress ShortPixel Adaptive Images Plugin <= 3.7.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: ShortPixel Adaptive Images; Type: Plugin; Vulnerable versions: <= 3.7.1; Fixed in: 3.7.2; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-32512; Patch priority: Low; CVSS severity: Low 4.3; Developer: ShortPixel; PSID: 1c9663150338; Credits: konagash...
WordPress Woo Custom Emails Plugin <= 2.2 is vulnerable to Broken Access Control
Software: Woo Custom Emails; Type: Plugin; Vulnerable versions: <= 2.2; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-32507; Patch priority: High; CVSS severity: High 7.3; PSID: d401968a61b0; Credits: minhtuanact; Required privileg...
WordPress Booking Ultra Pro Plugin <= 1.1.8 is vulnerable to Cross Site Scripting (XSS)
Software: Booking Ultra Pro; Type: Plugin; Vulnerable versions: <= 1.1.8; Fixed in: 1.1.9; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-32511; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 62d0b4def25b; Credits: thiennv; Require...
WordPress Brands for WooCommerce Plugin <= 3.7.0.6 is vulnerable to Cross Site Scripting (XSS)
Software: Brands for WooCommerce; Type: Plugin; Vulnerable versions: <= 3.7.0.6; Fixed in: 3.8.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-23667; Patch priority: Low; CVSS severity: Low 6.5; PSID: 4a9e535646db; Credits: István Márton...
WordPress Link Whisper Free Plugin <= 0.6.3 is vulnerable to Broken Access Control
Software: Link Whisper Free; Type: Plugin; Vulnerable versions: <= 0.6.3; Fixed in: 0.6.4; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-32506; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: aa6cd8128a6f; Credits: Nguyen Anh Tien...
WordPress wordpress vertical image slider plugin Plugin <= 1.2.16 is vulnerable to Cross Site Scripting (XSS)
Software: wordpress vertical image slider plugin; Type: Plugin; Vulnerable versions: <= 1.2.16; Fixed in: 1.2.17; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-24413; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: da3e59a78609...
WordPress WP Abstracts Plugin <= 2.6.3 is vulnerable to Cross Site Scripting (XSS)
Software: WP Abstracts; Type: Plugin; Vulnerable versions: <= 2.6.3; Fixed in: 2.6.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-29385; Patch priority: High; CVSS severity: High 7.1; PSID: eb9850af3b46; Credits: LEE SE HYOUNG...
WordPress TK Google Fonts GDPR Compliant Plugin <= 2.2.7 is vulnerable to Broken Access Control
Software: TK Google Fonts GDPR Compliant; Type: Plugin; Vulnerable versions: <= 2.2.7; Fixed in: 2.2.8; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: N/A; Patch priority: High; CVSS severity: High 6.5; PSID: a16b5d1818ee; Credits: Unknown; Required...
WordPress Booking Ultra Pro Plugin <= 1.1.8 is vulnerable to Cross Site Scripting (XSS)
Software: Booking Ultra Pro; Type: Plugin; Vulnerable versions: <= 1.1.8; Fixed in: 1.1.9; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-32236; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 00fb8bbc9f88; Credits: Team WeBoB...
WordPress TheGem (Elementor) Theme < 5.8.1.1 is vulnerable to Cross Site Scripting (XSS)
Software: TheGem (Elementor); Type: Theme; Vulnerable versions: < 5.8.1.1; Fixed in: 5.8.1.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-32237; Patch priority: Low; CVSS severity: Low 5.4; PSID: 54db6f410b09; Credits: Dave Jong Patchstack...
WordPress Points and Rewards for WooCommerce Plugin <= 1.5.0 is vulnerable to Broken Access Control
Software: Points and Rewards for WooCommerce; Type: Plugin; Vulnerable versions: <= 1.5.0; Fixed in: 1.6.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-27608; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 9fa3c23ff647; Credits: Dave...
WordPress Metform Elementor Contact Form Builder Plugin <= 3.3.0 is vulnerable to Broken Access Control
Software: Metform Elementor Contact Form Builder; Type: Plugin; Vulnerable versions: <= 3.3.0; Fixed in: 3.3.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-1843; Patch priority: High; CVSS severity: High 6.5; Developer: Wpmet; PSID: b16a58b44328; Credits: Marco Wotschka...