WordPress RumbleTalk Live Group Chat Plugin <= 6.2.5 is vulnerable to Broken Access Control

Software RumbleTalk Live Group Chat Type Plugin Vulnerable versions = 6.2.5 Fixed in 6.2.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-45828 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 142311804af3 Credits Mika Require...

WordPress WP Report Post Plugin <= 2.1.2 is vulnerable to Cross Site Scripting (XSS)

Software WP Report Post Type Plugin Vulnerable versions = 2.1.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-45769 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d5598e546cea Credits Ivy TOOR, LISA...

WordPress WordPress Backup & Migration Plugin <= 1.4.1 is vulnerable to Broken Access Control

Software WordPress Backup & Migration Type Plugin Vulnerable versions = 1.4.1 Fixed in 1.4.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-45636 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID e1fb36cf7cf2 Credits Abdi Prana...

WordPress OPcache Dashboard Plugin <= 0.3.1 is vulnerable to Cross Site Scripting (XSS)

Software OPcache Dashboard Type Plugin Vulnerable versions = 0.3.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-45064 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 88a7f0a12d7e Credits LEE SE HYOUNG...

WordPress User Activity Log Pro Plugin < 2.3.4 is vulnerable to Cross Site Scripting (XSS)

Software User Activity Log Pro Type Plugin Vulnerable versions 2.3.4 Fixed in 2.3.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5167 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 89ef9c440ecf Credits Bartlomiej Mar...

WordPress Simple Membership Plugin <= 4.3.5 is vulnerable to Cross Site Scripting (XSS)

Software Simple Membership Type Plugin Vulnerable versions = 4.3.5 Fixed in 4.3.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4719 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2b9d405c3f7b Credits FearZzZz Require...

WordPress Raise Mag Theme <= 1.0.7 is vulnerable to Cross Site Scripting (XSS)

Software Raise Mag Type Theme Vulnerable versions = 1.0.7 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-28621 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ef6477e9116b Credits László Radnai Required...

WordPress User Feedback Plugin <= 1.0.7 is vulnerable to Cross Site Scripting (XSS)

Software User Feedback Type Plugin Vulnerable versions = 1.0.7 Fixed in 1.0.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-39308 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4cad82df326d Credits Revan Arifio Required privilege...

WordPress WP Bannerize Pro Plugin <= 1.6.9 is vulnerable to Cross Site Scripting (XSS)

Software WP Bannerize Pro Type Plugin Vulnerable versions = 1.6.9 Fixed in 1.7.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-41663 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 77839e376c07 Credits thiennv Required...

WordPress Min Max Control Plugin < 4.6 is vulnerable to Cross Site Scripting (XSS)

Software Min Max Control Type Plugin Vulnerable versions 4.6 Fixed in 4.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4270 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f355d50b63c9 Credits Animesh Gaurav Required...

WordPress Brain Power Theme <= 1.2 is vulnerable to Cross Site Scripting (XSS)

Software Brain Power Type Theme Vulnerable versions = 1.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2813 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1eb52f5b8792 Credits Random Robbie Required...

WordPress Anand Theme <= 1.2 is vulnerable to Cross Site Scripting (XSS)

Software Anand Type Theme Vulnerable versions = 1.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2813 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ce14093d4551 Credits Random Robbie Required privilege...

WordPress WebLibrarian Plugin <= 3.5.8.4 is vulnerable to Cross Site Scripting (XSS)

Software WebLibrarian Type Plugin Vulnerable versions = 3.5.8.4 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-29441 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e45d424e6b8c Credits LEE SE HYOUNG...

WordPress Highcompress Image Compressor Plugin <= 6.1.2 is vulnerable to Broken Access Control

Software Highcompress Image Compressor Type Plugin Vulnerable versions = 6.1.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-40209 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 99c36206c314 Credits Abdi Pranat...

WordPress WP Ultimate CSV Importer Plugin <= 7.9.8 is vulnerable to Remote Code Execution (RCE)

Software WP Ultimate CSV Importer Type Plugin Vulnerable versions = 7.9.8 Fixed in 7.9.9 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-4142 Patch priority Medium CVSS severity Medium 8 Developer Claim ownership PSID a395389d1982 Credits István Márton Required...

WordPress User Email Verification for WooCommerce Plugin <= 3.5.0 is vulnerable to Cross Site Scripting (XSS)

Software User Email Verification for WooCommerce Type Plugin Vulnerable versions = 3.5.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-39162 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1c9649928e7b...

WordPress PHP Everywhere Plugin <= 2.0.3 is vulnerable to Remote Code Execution (RCE)

Software PHP Everywhere Type Plugin Vulnerable versions = 2.0.3 Fixed in 3.0.0 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2022-24664 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID 03f2a970e135 Credits Ramuel Gall Required privilege...

WordPress Contact Form for WordPress- Cybrosys Plugin <= 5.0 is vulnerable to Cross Site Scripting (XSS)

Software Contact Form for WordPress- Cybrosys Type Plugin Vulnerable versions = 5.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID a418e2304432 Credits Rafie Muhammad...

WordPress 1 Click Close Store Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)

Software 1 Click Close Store Type Plugin Vulnerable versions = 1.1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5d6ea0096ad8 Credits Rafie Muhammad Patchstack...

WordPress Custom User Guide Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software Custom User Guide Type Plugin Vulnerable versions = 1.0.1 Fixed in 1.1.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 73064f77dce5 Credits Rafie Muhammad Patchstack...