WordPress WPDM – Premium Packages Plugin <= 6.0.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Mika in WordPress Plugin WPDM – Premium Packages versions = 6.0.2...

WordPress Shortcode Redirect Plugin <= 1.0.02 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Rooting in WordPress Plugin Shortcode Redirect versions = 1.0.02...

WordPress Table & Contact Form 7 Database – Tablesome Plugin <= 1.0.33 is vulnerable to Sensitive Data Exposure

Software Table & Contact Form 7 Database – Tablesome Type Plugin Vulnerable versions = 1.0.33 Fixed in 1.0.34 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-37498 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID b592d73e1659...

WordPress Envo's Elementor Templates & Widgets for WooCommerce Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Envo's Elementor Templates & Widgets for WooCommerce Type Plugin Vulnerable versions = 1.4.4 Fixed in 1.4.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-0768 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID...

WordPress NEX-Forms – Ultimate Form Builder Plugin <= 8.5.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software NEX-Forms – Ultimate Form Builder Type Plugin Vulnerable versions = 8.5.2 Fixed in 8.5.5 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-52120 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 6c987b0249e3 Credits...

WordPress NEX-Forms – Ultimate Form Builder Plugin <= 8.5.5 is vulnerable to SQL Injection

Software NEX-Forms – Ultimate Form Builder Type Plugin Vulnerable versions = 8.5.5 Fixed in 8.5.6 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-50838 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 3121cd44ed44 Credits Khalid Yusuf Required privilege...

WordPress Media Library Helper by Codexin Plugin <= 1.2.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Media Library Helper by Codexin Type Plugin Vulnerable versions = 1.2.0 Fixed in 1.3.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-37386 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 31c3323d9133 Credits...

WordPress JS Help Desk – Best Help Desk & Support Plugin Plugin <= 2.7.7 is vulnerable to Insecure Direct Object References (IDOR)

Software JS Help Desk – Best Help Desk & Support Plugin Type Plugin Vulnerable versions = 2.7.7 Fixed in 2.7.8 OWASP Top 10 A5: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-23679 Patch priority Low CVSS severity Low 4.6 Developer Claim ownership PSID...