WordPress doctor-listing Plugin < 1.3.6 is vulnerable to Privilege Escalation

Software doctor-listing Type Plugin Vulnerable versions 1.3.6 Fixed in 1.3.6 OWASP Top 10 A5: Broken Access Control Classification Privilege Escalation CVE CVE-2020-36666 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 30151bcf23e5 Credits Omar Badran Required privilege...

WordPress real-estate-pro Plugin < 1.7.1 is vulnerable to Privilege Escalation

Software real-estate-pro Type Plugin Vulnerable versions 1.7.1 Fixed in 1.7.1 OWASP Top 10 A5: Broken Access Control Classification Privilege Escalation CVE CVE-2020-36666 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID a8f610e7b2fc Credits Omar Badran Required privilege...

WordPress Hotel Listing Plugin < 1.3.7 is vulnerable to Privilege Escalation

Software Hotel Listing Type Plugin Vulnerable versions 1.3.7 Fixed in 1.3.7 OWASP Top 10 A5: Broken Access Control Classification Privilege Escalation CVE CVE-2020-36666 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 6e712961c58d Credits Omar Badran Required privilege...

WordPress photographer-directory Plugin < 1.0.9 is vulnerable to Privilege Escalation

Software photographer-directory Type Plugin Vulnerable versions 1.0.9 Fixed in 1.0.9 OWASP Top 10 A5: Broken Access Control Classification Privilege Escalation CVE CVE-2020-36666 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 44093df6ab0d Credits Omar Badran Required...

WordPress All in One Support Button premium plugin <= 1.8.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities

Authenticated Stored Cross-Site Scripting XSS vulnerabilities found by Omar Badran in WordPress All in One Support Button premium plugin versions = 1.8.7. Solution Update the WordPress All in One Support Button premium plugin to the latest available version at least 1.8.8...