WordPress Advanced Recent Posts Plugin <= 0.6.14 is vulnerable to Cross Site Scripting (XSS)

Software Advanced Recent Posts Type Plugin Vulnerable versions = 0.6.14 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0212 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 40ae855e2918 Credits Lana Codes...

WordPress Namaste! LMS Plugin < 2.6 is vulnerable to Cross Site Scripting (XSS)

Software Namaste! LMS Type Plugin Vulnerable versions 2.6 Fixed in 2.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0844 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 5f40301e0581 Credits Alex Sanford Required privilege...

WordPress DeepL Pro API translation Plugin <= 2.1.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software DeepL Pro API translation Type Plugin Vulnerable versions = 2.1.4 Fixed in 2.1.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-27446 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 6431a2bd8a82 Credits Mika...

WordPress Saan World Clock Plugin <= 1.8 is vulnerable to Cross Site Scripting (XSS)

Software Saan World Clock Type Plugin Vulnerable versions = 1.8 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0145 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID cb720ac68691 Credits Lana Codes Required...

WordPress WC Sales Notification Plugin < 1.2.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software WC Sales Notification Type Plugin Vulnerable versions 1.2.3 Fixed in 1.2.3 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-1087 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 359b32e62cb7 Credits WPScan Required...

WordPress JCH Optimize Plugin <= 3.2.2 is vulnerable to Cross Site Scripting (XSS)

Software JCH Optimize Type Plugin Vulnerable versions = 3.2.2 Fixed in 3.2.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25491 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 0051eec0a90c Credits Rio Darmawan Required...

WordPress WP SMS Plugin <= 6.0.4 is vulnerable to Sensitive Data Exposure

Software WP SMS Type Plugin Vulnerable versions = 6.0.4 Fixed in 6.0.4.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-27447 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID d5718eb41b4b Credits Jarko Piironen Required...

WordPress Cookie Notice & Compliance for GDPR / CCPA Plugin <= 2.4.6 is vulnerable to Cross Site Scripting (XSS)

Software Cookie Notice & Compliance for GDPR / CCPA Type Plugin Vulnerable versions = 2.4.6 Fixed in 2.4.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-24400 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8398d2893fb7...

WordPress ProfileGrid Plugin < 5.3.1 is vulnerable to Broken Access Control

Software ProfileGrid Type Plugin Vulnerable versions 5.3.1 Fixed in 5.3.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0940 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 0809f414e629 Credits dc11 Required privilege Subscriber...

WordPress Cart Lift Plugin <= 3.1.5 is vulnerable to Cross Site Scripting (XSS)

Software Cart Lift Type Plugin Vulnerable versions = 3.1.5 Fixed in 3.1.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-47449 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0f2e7403ef94 Credits Team WeBoB Required...

WordPress real.Kit Plugin <= 5.1.0 is vulnerable to Cross Site Scripting (XSS)

Software real.Kit Type Plugin Vulnerable versions = 5.1.0 Fixed in 5.1.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0364 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID fc7a1c53ac0a Credits Lana Codes Required...

WordPress WpStream – Live Streaming, Video on Demand, Pay Per View Plugin <= 4.4.10 is vulnerable to Cross Site Request Forgery (CSRF)

Software WpStream – Live Streaming, Video on Demand, Pay Per View Type Plugin Vulnerable versions = 4.4.10 Fixed in 4.4.10.6 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-27458 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership...

WordPress Real Estate 7 Theme <= 3.3.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Real Estate 7 Type Theme Vulnerable versions = 3.3.4 Fixed in 3.3.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 17be44a53b30 Credits RE-ALTER Required privilege...

WordPress OAuth Server Plugin < 4.3.0 is vulnerable to Broken Access Control

Software OAuth Server Type Plugin Vulnerable versions 4.3.0 Fixed in 4.3.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-4148 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 20d9eb3b6ea8 Credits Lana Codes Required privilege...

WordPress Search in Place Plugin <= 1.0.104 is vulnerable to Other Vulnerability Type

Software Search in Place Type Plugin Vulnerable versions = 1.0.104 Fixed in 1.0.105 OWASP Top 10 A5: Broken Access Control Classification Other Vulnerability Type CVE CVE-2023-26521 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e57d979e5122 Credits István Márton Required...

WordPress Debug Assistant Plugin <= 1.4 is vulnerable to Cross Site Scripting (XSS)

Software Debug Assistant Type Plugin Vulnerable versions = 1.4 Fixed in 1.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-26527 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a881348f2d40 Credits Prasanna V Balaji Required...

WordPress Paid Memberships Pro Plugin <= 2.9.11 is vulnerable to SQL Injection

Software Paid Memberships Pro Type Plugin Vulnerable versions = 2.9.11 Fixed in 2.9.12 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0631 Patch priority High CVSS severity High 7.7 Developer Claim ownership PSID c680ed84c0a0 Credits Marc Montpas Required privilege Subscribe...

WordPress GS Insever Portfolio Plugin < 1.4.5 is vulnerable to Cross Site Scripting (XSS)

Software GS Insever Portfolio Type Plugin Vulnerable versions 1.4.5 Fixed in 1.4.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0539 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID fa5f4f60b861 Credits Lana Codes...

Security Bulletin: Multiple vulnerabilities in IBM SDK, Java Technology Edition affect IBM Operations Analytics Predictive Insights

Summary Multiple vulnerabilities in IBM SDK, Java Technology Edition affect IBM Operations Analytics Predictive Insights 1.3.6 or earlier. The following vulnerabilities, CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628 allowing unauthorized access of unauthenticated attacker with...

WordPress All In One SEO Pack Plugin <= 4.2.9 is vulnerable to Cross Site Scripting (XSS)

Software All In One SEO Pack Type Plugin Vulnerable versions = 4.2.9 Fixed in 4.3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0586 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 5d5ff254df57 Credits Ivan Kuzymchak...