ClicShopping v3.402 - Cross-Site Scripting (XSS)
Title: ClicShopping v3.402 - Cross-Site Scripting (XSS) | Author: nu11secur1ty | Date: 11.20.2022 | Vendor: https://www.clicshopping.org/forum/ | Software: https://github.com/ClicShopping/ClicShoppingV3/releases/tag/version3402 | Reference:...
WordPress TF Random Numbers Plugin < 2.0.1 is vulnerable to Broken Access Control
Software: TF Random Numbers; Type: Plugin; Vulnerable versions: < 2.0.1; Fixed in: 2.0.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-0889; Patch priority: Medium; CVSS severity: Medium 5.4; PSID: 611153a666ff; Credits: dc11; Required privilege...
WordPress WP Meta SEO Plugin < 4.5.5 is vulnerable to Deserialization of untrusted data
Software: WP Meta SEO; Type: Plugin; Vulnerable versions: < 4.5.5; Fixed in: 4.5.5; OWASP Top 10: A1: Injection; Classification: Deserialization of untrusted data; CVE: CVE-2023-1381; Patch priority: Medium; CVSS severity: Medium 6.6; PSID: 9880ffba76ab; Credits: Alex Sanford; Required privileg...
WordPress HappyFiles Pro Plugin <= 1.8.1 is vulnerable to Broken Access Control
Software: HappyFiles Pro; Type: Plugin; Vulnerable versions: <= 1.8.1; Fixed in: 1.8.2; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-25445; Patch priority: Medium; CVSS severity: Medium 5.4; PSID: 518a5cea4b57; Credits: Dave Jong Patchstack...
WordPress Newsletter Plugin <= 7.6.8 is vulnerable to Cross Site Scripting (XSS)
Software: Newsletter; Type: Plugin; Vulnerable versions: <= 7.6.8; Fixed in: 7.6.9; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: N/A; Patch priority: High; CVSS severity: High 7.1; PSID: 78a41f715fc6; Credits: Unknown; Required privilege...
WordPress WP Image Carousel Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)
Software: WP Image Carousel; Type: Plugin; Vulnerable versions: <= 1.0.2; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0589; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: bb8c0ddd754f; Credits: Lana Codes; Require...
WordPress OAuth Single Sign On - SSO (OAuth Client) Premium Plugin < 38.4.9 is vulnerable to Cross Site Request Forgery (CSRF)
Software: OAuth Single Sign On - SSO (OAuth Client) Premium; Type: Plugin; Vulnerable versions: < 38.4.9; Fixed in: 48.4.9; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-1092; Patch priority: Low; CVSS severity: Low 4.3; PSID...
WordPress doctor-listing Plugin < 1.3.6 is vulnerable to Privilege Escalation
Software: doctor-listing; Type: Plugin; Vulnerable versions: < 1.3.6; Fixed in: 1.3.6; OWASP Top 10: A5: Broken Access Control; Classification: Privilege Escalation; CVE: CVE-2020-36666; Patch priority: High; CVSS severity: High 8.8; PSID: 30151bcf23e5; Credits: Omar Badran; Required privilege...
WordPress WP Shamsi Plugin <= 4.3.3 is vulnerable to Arbitrary File Deletion
Software: WP Shamsi; Type: Plugin; Vulnerable versions: <= 4.3.3; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Arbitrary File Deletion; CVE: CVE-2023-0335; Patch priority: High; CVSS severity: High 7.7; PSID: 28e13116883e; Credits: Lana Codes; Required privilege...
WordPress Complianz Premium Plugin < 6.4.2 is vulnerable to Cross Site Scripting (XSS)
Software: Complianz Premium; Type: Plugin; Vulnerable versions: < 6.4.2; Fixed in: 6.4.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-1069; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 9c9adcf0c943; Credits: Erwan LR WPScan...
Beauty salon v1.0 - Remote Code Execution Exploit
Exploit Title: Beauty-salon v1.0 - Remote Code Execution RCE Exploit Author: nu11secur1ty Vendor: https://code4berry.com/projects/beautysalon.php Software: https://code4berry.com/project%20downloads/beautysalondownload.php Reference:...
WordPress WP Dark Mode Plugin < 4.0.8 is vulnerable to Local File Inclusion
Software: WP Dark Mode; Type: Plugin; Vulnerable versions: < 4.0.8; Fixed in: 4.0.8; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2023-0467; Patch priority: High; CVSS severity: High 7.1; PSID: b9de22c09750; Credits: Alex Sanford; Required privilege: Subscriber...
WordPress photographer-directory Plugin < 1.0.9 is vulnerable to Privilege Escalation
Software: photographer-directory; Type: Plugin; Vulnerable versions: < 1.0.9; Fixed in: 1.0.9; OWASP Top 10: A5: Broken Access Control; Classification: Privilege Escalation; CVE: CVE-2020-36666; Patch priority: High; CVSS severity: High 8.8; PSID: 44093df6ab0d; Credits: Omar Badran; Required...
WordPress real-estate-pro Plugin < 1.7.1 is vulnerable to Privilege Escalation
Software: real-estate-pro; Type: Plugin; Vulnerable versions: < 1.7.1; Fixed in: 1.7.1; OWASP Top 10: A5: Broken Access Control; Classification: Privilege Escalation; CVE: CVE-2020-36666; Patch priority: High; CVSS severity: High 8.8; PSID: a8f610e7b2fc; Credits: Omar Badran; Required privilege...
WordPress lawyer-directory Plugin < 1.2.9 is vulnerable to Privilege Escalation
Software: lawyer-directory; Type: Plugin; Vulnerable versions: < 1.2.9; Fixed in: 1.2.9; OWASP Top 10: A5: Broken Access Control; Classification: Privilege Escalation; CVE: CVE-2020-36666; Patch priority: High; CVSS severity: High 8.8; PSID: c69ece2de96a; Credits: Omar Badran; Required privileg...
WordPress OoohBoi Steroids for Elementor Plugin <= 2.1.4 is vulnerable to Arbitrary File Deletion
Software: OoohBoi Steroids for Elementor; Type: Plugin; Vulnerable versions: <= 2.1.4; Fixed in: 2.1.5; OWASP Top 10: A5: Broken Access Control; Classification: Arbitrary File Deletion; CVE: CVE-2023-0336; Patch priority: High; CVSS severity: High 7.7; PSID: 0eee208c0039; Credits: Lana Codes...
WordPress fitness-trainer Plugin < 1.4.1 is vulnerable to Privilege Escalation
Software: fitness-trainer; Type: Plugin; Vulnerable versions: < 1.4.1; Fixed in: 1.4.1; OWASP Top 10: A5: Broken Access Control; Classification: Privilege Escalation; CVE: CVE-2020-36666; Patch priority: High; CVSS severity: High 8.8; PSID: 4ffd920db47c; Credits: Omar Badran; Required privilege...
WordPress final-user-wp-frontend-user-profiles Plugin < 1.2.2 is vulnerable to Privilege Escalation
Software: final-user-wp-frontend-user-profiles; Type: Plugin; Vulnerable versions: < 1.2.2; Fixed in: 1.2.2; OWASP Top 10: A5: Broken Access Control; Classification: Privilege Escalation; CVE: CVE-2020-36666; Patch priority: High; CVSS severity: High 8.8; PSID: 5182d2b5fe29; Credits: Omar Badr...
WordPress Hotel Listing Plugin < 1.3.7 is vulnerable to Privilege Escalation
Software: Hotel Listing; Type: Plugin; Vulnerable versions: < 1.3.7; Fixed in: 1.3.7; OWASP Top 10: A5: Broken Access Control; Classification: Privilege Escalation; CVE: CVE-2020-36666; Patch priority: High; CVSS severity: High 8.8; PSID: 6e712961c58d; Credits: Omar Badran; Required privilege...
WordPress Albo Pretorio Online Plugin <= 4.6 is vulnerable to Cross Site Scripting (XSS)
Software: Albo Pretorio Online; Type: Plugin; Vulnerable versions: <= 4.6; Fixed in: 4.6.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-28750; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 4e28c2ad9283; Credits: Phd; Required...