WordPress Customer Reviews for WooCommerce Plugin <= 5.38.9 is vulnerable to Arbitrary File Upload

Software Customer Reviews for WooCommerce Type Plugin Vulnerable versions = 5.38.9 Fixed in 5.38.10 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-6979 Patch priority Medium CVSS severity Medium 9.8 Developer Claim ownership PSID f2b42bb42f3b Credits Artem Guzhva...

WordPress Post SMTP Plugin <= 2.8.7 is vulnerable to Cross Site Scripting (XSS)

Software Post SMTP Type Plugin Vulnerable versions = 2.8.7 Fixed in 2.8.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-7027 Patch priority Medium CVSS severity Medium 7.1 Developer WPExperts PSID 7142ca21bf69 Credits Sean Murphy Required privilege...

WordPress HT Mega Plugin <= 2.3.8 is vulnerable to Cross Site Scripting (XSS)

Software HT Mega Type Plugin Vulnerable versions = 2.3.8 Fixed in 2.3.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-50901 Patch priority Medium CVSS severity Medium 7.1 Developer HTMega PSID 46290c97b255 Credits Le Ngoc Anh Required privilege Unauthenticated...

WordPress Booking Manager Plugin <= 2.1.5 is vulnerable to SQL Injection

Software Booking Manager Type Plugin Vulnerable versions = 2.1.5 Fixed in 2.1.6 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-50840 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID 1f8bbef81167 Credits Ngô Thiên An ancorn from VNPT-VCI Required...

WordPress Import Export WordPress Users Plugin <= 2.4.8 is vulnerable to Arbitrary File Upload

Software Import Export WordPress Users Type Plugin Vulnerable versions = 2.4.8 Fixed in 2.4.9 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-6558 Patch priority Medium CVSS severity Medium 9.1 Developer Claim ownership PSID a7515a768629 Credits István Márton Required...

WordPress Soledad Theme <= 8.4.1 is vulnerable to SQL Injection

Software Soledad Type Theme Vulnerable versions = 8.4.1 Fixed in 8.4.2 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-49825 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID a78a84399460 Credits Rafie Muhammad Patchstack Required privilege...

WordPress Smart External Link Click Monitor [Link Log] Plugin <= 5.0.2 is vulnerable to Cross Site Scripting (XSS)

Software Smart External Link Click Monitor Link Log Type Plugin Vulnerable versions = 5.0.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49771 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1106b9604760 Credits Mika...

WordPress Awesome Support Plugin <= 6.1.10 is vulnerable to Broken Access Control

Software Awesome Support Type Plugin Vulnerable versions = 6.1.10 Fixed in 6.1.11 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-49757 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 3019bd4f8cbf Credits Abdi Pranata Required...

WordPress SearchIQ Plugin <= 4.4 is vulnerable to Broken Access Control

Software SearchIQ Type Plugin Vulnerable versions = 4.4 Fixed in 4.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-47832 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID ebe24eb2b5d2 Credits Mika Required privilege...

WordPress Acme Fix Images Plugin <= 1.0.0 is vulnerable to Broken Access Control

Software Acme Fix Images Type Plugin Vulnerable versions = 1.0.0 Fixed in 2.0.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-47793 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 51b5ada66dce Credits Abdi Pranata Required...

WordPress WPCafe Plugin <= 2.2.22 is vulnerable to Broken Access Control

Software WPCafe Type Plugin Vulnerable versions = 2.2.22 Fixed in 2.2.23 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-47805 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID b94e1d5fde71 Credits Abdi Pranata Required privileg...

WordPress miniorange otp verification Plugin <= 4.2.1 is vulnerable to Broken Access Control

Software miniorange otp verification Type Plugin Vulnerable versions = 4.2.1 Fixed in 4.2.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-47776 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 60649c9bd1ee Credits Abdi Pranat...

WordPress WordPress Backup & Migration Plugin < 1.4.5 is vulnerable to Cross Site Scripting (XSS)

Software WordPress Backup & Migration Type Plugin Vulnerable versions 1.4.5 Fixed in 1.4.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5738 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 9b9d4e9b2aa2 Credits Krzyszt...

WordPress Short URL Plugin <= 1.6.8 is vulnerable to Broken Access Control

Software Short URL Type Plugin Vulnerable versions = 1.6.8 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-47225 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 80acb0670d7b Credits Abdi Pranata Required privilege...

WordPress Medialist Plugin <= 1.3.9 is vulnerable to Cross Site Scripting (XSS)

Software Medialist Type Plugin Vulnerable versions = 1.3.9 Fixed in 1.4.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-46640 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 22ee4e11fa05 Credits Tien from VNPT-VCI Required privilege...

WordPress WP Simple HTML Sitemap Plugin <= 2.2 is vulnerable to Cross Site Scripting (XSS)

Software WP Simple HTML Sitemap Type Plugin Vulnerable versions = 2.2 Fixed in 2.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-46627 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4aa5ac9576e1 Credits Le Ngoc Anh...

WordPress Mediabay Plugin <= 1.6 is vulnerable to Broken Access Control

Software Mediabay Type Plugin Vulnerable versions = 1.6 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-46612 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 01f288807115 Credits emad Required privilege Subscriber...

WordPress Taggbox Plugin <= 3.3 is vulnerable to Broken Access Control

Software Taggbox Type Plugin Vulnerable versions = 3.3 Fixed in 3.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-33215 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 74a01c79e50d Credits Jonas Höbenreich Required privilege...

WordPress MpOperationLogs Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software MpOperationLogs Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5538 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 58b2eea0d790 Credits juweihuitao Required...

WordPress EG-Attachments Plugin <= 2.1.3 is vulnerable to Cross Site Scripting (XSS)

Software EG-Attachments Type Plugin Vulnerable versions = 2.1.3 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-46070 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 04006798b0e0 Credits Le Ngoc Anh Required...