140 matches found
WordPress Ultimate Posts Widget Plugin <= 2.2.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software Ultimate Posts Widget Type Plugin Vulnerable versions = 2.2.4 Fixed in 2.2.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-3977 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ecda45839866 Credits WordFence...
WordPress Video Conferencing with Zoom Plugin <= 4.2.1 is vulnerable to Sensitive Data Exposure
Software Video Conferencing with Zoom Type Plugin Vulnerable versions = 4.2.1 Fixed in 4.2.2 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-3947 Patch priority Low CVSS severity Low 3.7 Developer Claim ownership PSID 55e6071a651c Credits Lana Codes...
WordPress Simple Author Box Plugin < 2.52 is vulnerable to Insecure Direct Object References (IDOR)
Software Simple Author Box Type Plugin Vulnerable versions 2.52 Fixed in 2.52 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-3601 Patch priority Low CVSS severity Low 6.5 Developer WebFactory Ltd. PSID c55453b38919 Credits Dmitriy Require...
WordPress Quiz And Survey Master Plugin <= 8.1.10 is vulnerable to Broken Access Control
Software Quiz And Survey Master Type Plugin Vulnerable versions = 8.1.10 Fixed in 8.1.11 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-37984 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 046309de9fe7 Credits qilin99 Required...
WordPress Groundhogg Plugin <= 2.7.11 is vulnerable to Cross Site Request Forgery (CSRF)
Software Groundhogg Type Plugin Vulnerable versions = 2.7.11 Fixed in 2.7.11.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-34178 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 5e519ca6b6e3 Credits Rafshanzani Suhada...
WordPress WooCommerce Bookings Plugin <= 1.15.78 is vulnerable to Insecure Direct Object References (IDOR)
Software WooCommerce Bookings Type Plugin Vulnerable versions = 1.15.78 Fixed in 1.15.79 OWASP Top 10 A5: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-32747 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 81006e449dea Credits Raf...
WordPress WP Reactions Lite Plugin <= 1.3.8 is vulnerable to Cross Site Request Forgery (CSRF)
Software WP Reactions Lite Type Plugin Vulnerable versions = 1.3.8 Fixed in 1.3.9 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-32587 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID b436a9de7ad3 Credits István Márton...
WordPress Ko-fi Button Plugin < 1.3.3 is vulnerable to Cross Site Scripting (XSS)
Software Ko-fi Button Type Plugin Vulnerable versions 1.3.3 Fixed in 1.3.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2254 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID af182fbd1aaa Credits Felipe Restrepo Rodriguez...
WordPress Clock In Portal- Staff & Attendance Management Plugin <= 2.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software Clock In Portal- Staff & Attendance Management Type Plugin Vulnerable versions = 2.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-0763 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 460bee1676e1...
WordPress Zyrex Popup Plugin <= 1.0 is vulnerable to Arbitrary File Upload
Software Zyrex Popup Type Plugin Vulnerable versions = 1.0 Fixed in 1.1 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-0924 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID 902b3bcce78c Credits Yogesh Verma Required privilege Administrator...
WordPress Product Enquiry for WooCommerce Plugin <= 2.2.12 is vulnerable to Cross Site Scripting (XSS)
Software Product Enquiry for WooCommerce Type Plugin Vulnerable versions = 2.2.12 Fixed in 2.2.13 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-29170 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID b43cae5ebb34 Credits Myung...
WordPress Zippy Plugin <= 1.6.1 is vulnerable to Sensitive Data Exposure
Software Zippy Type Plugin Vulnerable versions = 1.6.1 Fixed in 1.6.2 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-26533 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 652b24a2c5be Credits Junsu Yeo Required privilege...
WordPress Really Simple Google Tag Manager Plugin <= 1.0.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software Really Simple Google Tag Manager Type Plugin Vulnerable versions = 1.0.6 Fixed in 1.0.7 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-23801 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0e8a9934df4f Credits...
WordPress Advanced Shipment Tracking for WooCommerce Plugin <= 3.5.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software Advanced Shipment Tracking for WooCommerce Type Plugin Vulnerable versions = 3.5.2 Fixed in 3.5.3 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-41635 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 7b3ec3a5415d...
WordPress Thank You Page Customizer for WooCommerce – Increase Your Sales Plugin <= 1.0.13 is vulnerable to Cross Site Request Forgery (CSRF)
Software Thank You Page Customizer for WooCommerce – Increase Your Sales Type Plugin Vulnerable versions = 1.0.13 Fixed in 1.0.14 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-46812 Patch priority Low CVSS severity Low 4.3 Developer Claim...
WordPress Sheets To WP Table Live Sync Plugin <= 2.12.14 is vulnerable to Cross Site Request Forgery (CSRF)
Software Sheets To WP Table Live Sync Type Plugin Vulnerable versions = 2.12.14 Fixed in 2.12.15 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Request Forgery CSRF CVE CVE-2022-47150 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 10f41cbc718b Credits...
WordPress RSVPMarker Plugin <= 9.9.3 is vulnerable to SQL Injection
Software RSVPMarker Type Plugin Vulnerable versions = 9.9.3 Fixed in 9.9.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-25045 Patch priority Low CVSS severity Low 6.7 Developer Claim ownership PSID b21a0533c506 Credits Aldo Dimas Anugrah K Required privilege Administrator...
WordPress Quiz And Survey Master Plugin <= 8.0.7 is vulnerable to Cross Site Request Forgery (CSRF)
Software Quiz And Survey Master Type Plugin Vulnerable versions = 8.0.7 Fixed in 8.0.8 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-46862 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID bcb98ded3ded Credits Oliver K...
WordPress Quick Restaurant Menu Plugin <= 2.0.2 is vulnerable to Insecure Direct Object References (IDOR)
Software Quick Restaurant Menu Type Plugin Vulnerable versions = 2.0.2 Fixed in 2.1.0 OWASP Top 10 A5: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-0550 Patch priority Low CVSS severity Low 8.1 Developer Claim ownership PSID 53344b864cc7 Credits Marco...
WordPress Booster Elite for WooCommerce Plugin < 6.0.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software Booster Elite for WooCommerce Type Plugin Vulnerable versions 6.0.1 Fixed in 6.0.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-4017 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e0191ec2ee9f Credits WPscan...