WordPress Spectra Plugin <= 2.7.9 is vulnerable to Cross Site Scripting (XSS)

Software Spectra Type Plugin Vulnerable versions = 2.7.9 Fixed in 2.7.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49833 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 70385286c341 Credits Rafie Muhammad Patchstack Required privilege...

WordPress Post Meta Data Manager Plugin <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Post Meta Data Manager Type Plugin Vulnerable versions = 1.2.1 Fixed in 1.2.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-5776 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID be22b4c7158e Credits Francesco...

WordPress WP EXtra Plugin <= 6.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP EXtra Type Plugin Vulnerable versions = 6.4 Fixed in 6.5 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-47825 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 19cbe9873db2 Credits Huynh Tien Si Required privile...

WordPress Job Manager & Career Plugin < 1.4.4 is vulnerable to Sensitive Data Exposure

Software Job Manager & Career Type Plugin Vulnerable versions 1.4.4 Fixed in 1.4.4 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-5906 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID 4d36f550a2ca Credits Dmitrii Ignatyev Requir...

WordPress iPages Flipbook Plugin <= 1.4.8 is vulnerable to SQL Injection

Software iPages Flipbook Type Plugin Vulnerable versions = 1.4.8 Fixed in 1.5.0 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-47236 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID ca6f53544a70 Credits Muhammad Daffa Required privilege Administrator...

WordPress WP Customer Reviews Plugin <= 3.6.6 is vulnerable to Sensitive Data Exposure

Software WP Customer Reviews Type Plugin Vulnerable versions = 3.6.6 Fixed in 3.6.7 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2023-4686 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 07af2f4a4fb5 Credits Marco Wotschka Required...

WordPress Vertical Marquee Plugin Plugin <= 7.1 is vulnerable to SQL Injection

Software Vertical Marquee Plugin Type Plugin Vulnerable versions = 7.1 Fixed in 7.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5436 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 0d3867ba4432 Credits István Márton Required privilege Contributor...

WordPress Current Menu Item for Custom Post Types Plugin <= 1.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software Current Menu Item for Custom Post Types Type Plugin Vulnerable versions = 1.5 Fixed in 1.6 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-46781 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID eea8363457b5 Credits...

WordPress Auto Limit Posts Reloaded Plugin <= 2.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software Auto Limit Posts Reloaded Type Plugin Vulnerable versions = 2.5 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-46778 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 73dd685c68a7 Credits Nguyen Xuan...

WordPress WP EXtra Plugin <= 6.2 is vulnerable to Broken Access Control

Software WP EXtra Type Plugin Vulnerable versions = 6.2 Fixed in 6.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-5314 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 55747fccb396 Credits TP Cyber Security Required privilege...

WordPress ChatBot Plugin <= 4.8.9 is vulnerable to Sensitive Data Exposure

Software ChatBot Type Plugin Vulnerable versions = 4.8.9 Fixed in 4.9.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-5254 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID a08bb4253476 Credits Marco Wotschka Required privilege...

WordPress Simple URLs Plugin <= 120 is vulnerable to Cross Site Request Forgery (CSRF)

Software Simple URLs Type Plugin Vulnerable versions = 120 Fixed in 121 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-45606 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d8dcb8acc03a Credits Mika Required privilege...

WordPress User Activity Log Pro Plugin < 2.3.4 is vulnerable to Bypass Vulnerability

Software User Activity Log Pro Type Plugin Vulnerable versions 2.3.4 Fixed in 2.3.4 OWASP Top 10 A5: Security Misconfiguration Classification Bypass Vulnerability CVE CVE-2023-5133 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 06c08325ccb9 Credits Bartlomiej Marek and...

WordPress Slimstat Analytics Plugin <= 5.0.8 is vulnerable to Cross Site Scripting (XSS)

Software Slimstat Analytics Type Plugin Vulnerable versions = 5.0.8 Fixed in 5.0.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-40676 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 02d370df713c Credits Rio Darmawan Require...

WordPress Paid Memberships Pro CCBill Gateway Plugin <= 0.3 is vulnerable to Broken Access Control

Software Paid Memberships Pro CCBill Gateway Type Plugin Vulnerable versions = 0.3 Fixed in 0.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-40608 Patch priority Low CVSS severity Low 8.2 Developer Claim ownership PSID 6824186fd879 Credits Rafie Muhamma...

WordPress Advanced File Manager Plugin < 5.1.1 is vulnerable to Sensitive Data Exposure

Software Advanced File Manager Type Plugin Vulnerable versions 5.1.1 Fixed in 5.1.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-3814 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID c11d3f659c9c Credits Dmitrii Required...

WordPress Header Footer Code Manager Plugin <= 1.1.34 is vulnerable to Cross Site Request Forgery (CSRF)

Software Header Footer Code Manager Type Plugin Vulnerable versions = 1.1.34 Fixed in 1.1.35 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-39989 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 5536fb0cce4a Credits Rafie...

WordPress Social Share Icons & Social Share Buttons Plugin <= 3.5.7 is vulnerable to Broken Access Control

Software Social Share Icons & Social Share Buttons Type Plugin Vulnerable versions = 3.5.7 Fixed in 3.5.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0958 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 70d3b475ed6b Credits...

WordPress Clone Plugin <= 2.3.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software Clone Type Plugin Vulnerable versions = 2.3.7 Fixed in 2.3.8 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-3977 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 96ed031b1483 Credits Wordfence Required privilege...

WordPress Backup Migration Plugin <= 1.2.7 is vulnerable to Broken Access Control

Software Backup Migration Type Plugin Vulnerable versions = 1.2.7 Fixed in 1.2.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0958 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c3aab82cdff1 Credits WordFence Required privilege...