42 matches found

Packet Storm
added 2023/10/24 12:0 a.m. | 412 views

WordPress LiteSpeed Cache 5.6 Cross Site Scripting

Vulnerability Summary from Wordfence Intelligence Description: LiteSpeed Cache = 5.6 – Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Affected Plugin: LiteSpeed Cache Plugin Slug: litespeed-cache Affected Versions: = 5.6 CVE ID: CVE-2023-4372 CVSS Score: 6.4 Medium CVSS...

AI score: 7.1 | EPSS: 0.01532
Exploits: 2

Patchstack
added 2023/08/02 12:0 a.m. | 23 views

WordPress Stripe Payment Gateway for WooCommerce Plugin <= 3.7.7 is vulnerable to Privilege Escalation

Software Stripe Payment Gateway for WooCommerce Type Plugin Vulnerable versions <= 3.7.7 Fixed in 3.7.8 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-3162 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID...

CVSS: 9.8 | AI score: 6.5 | EPSS: 0.00298
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
added 2023/07/27 12:0 a.m. | 14 views

WordPress InstaWP Connect Plugin <= 0.0.9.18 is vulnerable to Broken Access Control

Software InstaWP Connect Type Plugin Vulnerable versions <= 0.0.9.18 Fixed in 0.0.9.19 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-3956 Patch priority High CVSS severity High 9.8 Developer InstaWP PSID 2b066ee4e3c0 Credits Lana Codes Required privilege...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.01007
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2023/07/18 12:0 a.m. | 13 views

WordPress YARPP Plugin <= 5.30.3 is vulnerable to Cross Site Scripting (XSS)

Software YARPP Type Plugin Vulnerable versions <= 5.30.3 Fixed in 5.30.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2433 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a7d49568bb15 Credits Lana Codes Required privilege...

CVSS: 6.4 | AI score: 5.7 | EPSS: 0.00154
Exploits: 0 | References: 3 | Affected Software: 1

Wordfence Blog
added 2023/07/06 12:58 p.m. | 104 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 26, 2023 to July 2, 2023)

Last week, there were 66 vulnerabilities disclosed in 56 WordPress Plugins and 1 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 34 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities i...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.9297
Exploits: 39

Patchstack
added 2023/06/22 12:0 a.m. | 10 views

WordPress Go Pricing Plugin <= 3.3.19 is vulnerable to Broken Access Control

Software Go Pricing Type Plugin Vulnerable versions <= 3.3.19 Fixed in 3.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-2494 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 71975662f90e Credits Lana Codes Required privilege...

CVSS: 8.8 | AI score: 6.5 | EPSS: 0.00383
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/06/22 12:0 a.m. | 9 views

WordPress WP Directory Kit Plugin < 1.2.0 is vulnerable to Local File Inclusion

Software WP Directory Kit Type Plugin Vulnerable versions < 1.2.0 Fixed in 1.2.4 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2023-2278 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 5c152fb4dc7b Credits Lana Codes Required privilege...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.00778
Exploits: 1 | References: 3 | Affected Software: 1

GithubExploit
added 2023/06/19 10:10 p.m. | 298 views

Exploit for Improper Privilege Management in Wpdeveloper Reviewx

CVE-2023-2833 Mass Exploit Generator by Alucard0x1 This repos...

CVSS: 8.8 | AI score: 9.1 | EPSS: 0.26719
Exploits: 4

Packet Storm
added 2023/05/31 12:0 a.m. | 329 views

WordPress ReviewX 1.6.13 Privilege Escalation

Description: ReviewX = 1.6.13 – Arbitrary Usermeta Update to Authenticated Subscriber+ Privilege Escalation Affected Plugin: ReviewX – Multi-criteria Rating & Reviews for WooCommerce Plugin Slug: reviewx Affected Versions: = 1.6.13 CVE ID: CVE-2023-2833 CVSS Score: 8.8 High CVSS Vector:...

AI score: 7.1 | EPSS: 0.26719
Exploits: 4

0day.today
added 2023/05/31 12:0 a.m. | 329 views

WordPress ReviewX 1.6.13 Privilege Escalation Vulnerability

Description: ReviewX = 1.6.13 – Arbitrary Usermeta Update to Authenticated Subscriber+ Privilege Escalation Affected Plugin: ReviewX – Multi-criteria Rating & Reviews for WooCommerce Plugin Slug: reviewx Affected Versions: = 1.6.13 CVE ID: CVE-2023-2833 CVSS Score: 8.8 High CVSS Vector:...

CVSS: 8.8 | AI score: 7.1 | EPSS: 0.26719
Exploits: 4

Patchstack
added 2023/05/31 12:0 a.m. | 11 views

WordPress Nested Pages Plugin <= 3.2.3 is vulnerable to Broken Access Control

Software Nested Pages Type Plugin Vulnerable versions <= 3.2.3 Fixed in 3.2.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-2434 Patch priority Low CVSS severity Low 3.8 Developer Claim ownership PSID 26e414b00090 Credits Lana Codes Required privilege...

CVSS: 3.8 | AI score: 6.9 | EPSS: 0.00217
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2023/05/31 12:0 a.m. | 16 views

WordPress Feather Login Page Plugin 1.0.7-1.1.1 is vulnerable to Broken Access Control

Software Feather Login Page Type Plugin Vulnerable versions 1.0.7-1.1.1 Fixed in 1.1.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-2545 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 109ff0ae5394 Credits Lana Codes Required...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.0025
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
added 2023/05/31 12:0 a.m. | 7 views

WordPress Feather Login Page Plugin 1.0.7-1.1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Feather Login Page Type Plugin Vulnerable versions 1.0.7-1.1.1 Fixed in 1.1.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-2549 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 17403ad53e50 Credits Lana Codes...

CVSS: 8.8 | AI score: 7 | EPSS: 0.00096
Exploits: 1 | References: 3 | Affected Software: 1

Wordfence Blog
added 2023/05/22 2:49 p.m. | 23 views

W3 Eden Addresses Authenticated Stored XSS Vulnerability in Download Manager WordPress Plugin

On April 25, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting XSS vulnerability in W3 Eden’s Download Manager plugin, which is actively installed on more than 100,000 WordPress websites, making it one of the mos...

CVSS: 4.9 | AI score: 6 | EPSS: 0.00144
Exploits: 2

Patchstack
added 2023/05/03 12:0 a.m. | 8 views

WordPress URL Params Plugin < 2.5 is vulnerable to Cross Site Scripting (XSS)

Software URL Params Type Plugin Vulnerable versions < 2.5 Fixed in 2.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0274 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID c07bdc476562 Credits Lana Codes Required privilege...

CVSS: 5.4 | AI score: 5.6 | EPSS: 0.00161
Exploits: 2 | References: 4 | Affected Software: 1

Patchstack
added 2023/04/13 12:0 a.m. | 9 views

WordPress Pricing Tables For WPBakery Page Builder Plugin < 3.0 is vulnerable to Cross Site Scripting (XSS)

Software Pricing Tables For WPBakery Page Builder Type Plugin Vulnerable versions < 3.0 Fixed in 3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0367 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 3359d5d482fd Credits...

CVSS: 5.4 | AI score: 5.6 | EPSS: 0.00181
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
added 2023/03/28 12:0 a.m. | 12 views

WordPress WP Shamsi Plugin <= 4.3.3 is vulnerable to Arbitrary File Deletion

Software WP Shamsi Type Plugin Vulnerable versions <= 4.3.3 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2023-0335 Patch priority High CVSS severity High 7.7 Developer Claim ownership PSID 28e13116883e Credits Lana Codes Required privilege...

CVSS: 6.5 | AI score: 6.8 | EPSS: 0.00132
Exploits: 2 | References: 3 | Affected Software: 1

Wordfence Blog
added 2023/03/23 1:52 p.m. | 112 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (Mar 13, 2023 to Mar 19, 2023)

Last week, there were 92 vulnerabilities disclosed in 76 WordPress Plugins and 7 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 34 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities i...

AI score: 8.1 | EPSS: 0.71084
Exploits: 14

Patchstack
added 2023/01/20 12:0 a.m. | 14 views

WordPress GPT3 AI Content Writer Plugin < 1.4.38 is vulnerable to Content Injection

Software GPT3 AI Content Writer Type Plugin Vulnerable versions < 1.4.38 Fixed in 1.4.38 OWASP Top 10 A1: Injection Classification Content Injection CVE CVE-2023-0405 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 868b79c31d14 Credits Lana Codes Required privilege...

CVSS: 5.4 | AI score: 6.8 | EPSS: 0.00215
Exploits: 2 | References: 4 | Affected Software: 1

Patchstack
added 2023/01/11 12:0 a.m. | 9 views

WordPress WC Vendors Marketplace Plugin < 2.4.5 is vulnerable to Cross Site Scripting (XSS)

Software WC Vendors Marketplace Type Plugin Vulnerable versions < 2.4.5 Fixed in 2.4.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0072 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID c2abc726ee8e Credits Lana Codes...

CVSS: 5.4 | AI score: 5.9 | EPSS: 0.00296
Exploits: 2 | References: 4 | Affected Software: 1