WordPress WoodMart Theme <= 7.2.1 is vulnerable to Broken Access Control
Software: WoodMart; Type: Theme; Vulnerable versions: <= 7.2.1; Fixed in: 7.2.2; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-32240; Patch priority: Medium; CVSS severity: Medium 5.4; Developer: Xtemos; PSID: b409a147912c; Credits: Dave Jong Patchstack; Required privilege...
WordPress Yoast SEO: Local Plugin <= 14.8 is vulnerable to Cross Site Scripting (XSS)
Software: Yoast SEO: Local; Type: Plugin; Vulnerable versions: <= 14.8; Fixed in: 14.9; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-32300; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 28e5acd1438d; Credits: Rafie Muhammad...
WordPress Order Your Posts Manually Plugin <= 2.2.5 is vulnerable to Cross Site Scripting (XSS)
Software: Order Your Posts Manually; Type: Plugin; Vulnerable versions: <= 2.2.5; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-32510; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: fdf3da041b8c; Credits: minhtuana...
WordPress Advanced Custom Fields Plugin < 5.12.5 is vulnerable to PHP Object Injection
Software: Advanced Custom Fields; Type: Plugin; Vulnerable versions: < 5.12.5; Fixed in: 5.12.5; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2023-1196; Patch priority: Medium; CVSS severity: Medium 4.9; Developer: Claim ownership; PSID: 8c55b8a9942a; Credits: Nguyen Huu Do; Required privile...
WordPress Post Shortcode Plugin <= 2.0.9 is vulnerable to Cross Site Scripting (XSS)
Software: Post Shortcode; Type: Plugin; Vulnerable versions: <= 2.0.9; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-0526; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: 623dba0711b0; Credits: István Márton; Require...
WordPress WP-FormAssembly Plugin <= 2.0.7 is vulnerable to Cross Site Scripting (XSS)
Software: WP-FormAssembly; Type: Plugin; Vulnerable versions: <= 2.0.7; Fixed in: 2.0.8; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: N/A; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: 02e3cddecd0a; Credits: WordFence; Required privilege...
WordPress Blocksy Companion Plugin < 1.8.82 is vulnerable to Sensitive Data Exposure
Software: Blocksy Companion; Type: Plugin; Vulnerable versions: < 1.8.82; Fixed in: 1.8.82; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2023-1911; Patch priority: Medium; CVSS severity: Medium 4.3; Developer: Creative Themes; PSID: a9848e95cc61; Credits: Erwan LR WPScan...
WordPress Blogger Buzz Theme <= 1.2.2 is vulnerable to Broken Access Control
Software: Blogger Buzz; Type: Theme; Vulnerable versions: <= 1.2.2; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-30476; Patch priority: Medium; CVSS severity: Medium 4.3; Developer: Claim ownership; PSID: b1de090398f6; Credits: Dave Jong Patchstack; Required...
WordPress Video Central Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)
Software: Video Central; Type: Plugin; Vulnerable versions: <= 1.3.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-0418; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: 6114cbd9fcb5; Credits: Lana Codes; Required...
WordPress WP Tiles Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS)
Software: WP Tiles; Type: Plugin; Vulnerable versions: <= 1.1.2; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2022-4827; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: 7153516c9060; Credits: Lana Codes; Required privile...
WordPress The7 Theme <= 11.6.0 is vulnerable to Cross Site Scripting (XSS)
Software: The7; Type: Theme; Vulnerable versions: <= 11.6.0; Fixed in: 11.6.1; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-29100; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 24f83da1f799; Credits: Rafie Muhammad Patchstack...
WordPress Coupon Affiliates Plugin <= 5.4.3 is vulnerable to Cross Site Scripting (XSS)
Software: Coupon Affiliates; Type: Plugin; Vulnerable versions: <= 5.4.3; Fixed in: 5.4.4; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-28992; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: RelyWP; PSID: 3cc060340a7c; Credits: thiennv; Required privile...
WordPress HappyFiles Pro Plugin <= 1.8.1 is vulnerable to Broken Access Control
Software: HappyFiles Pro; Type: Plugin; Vulnerable versions: <= 1.8.1; Fixed in: 1.8.2; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-25445; Patch priority: Medium; CVSS severity: Medium 5.4; Developer: Claim ownership; PSID: 518a5cea4b57; Credits: Dave Jong Patchstack...
WordPress Complianz Premium Plugin < 6.4.2 is vulnerable to Cross Site Scripting (XSS)
Software: Complianz Premium; Type: Plugin; Vulnerable versions: < 6.4.2; Fixed in: 6.4.2; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-1069; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: 9c9adcf0c943; Credits: Erwan LR WPScan...
WordPress Schedulicity Plugin <= 2.21 is vulnerable to Cross Site Scripting (XSS)
Software: Schedulicity; Type: Plugin; Vulnerable versions: <= 2.21; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-0491; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: 4c22e6c6bae0; Credits: Lana Codes; Required...
WordPress If Menu Plugin <= 0.16.3 is vulnerable to Broken Access Control
Software: If Menu; Type: Plugin; Vulnerable versions: <= 0.16.3; Fixed in: 0.17.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2022-41698; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: 6fd87b73bf2d; Credits: Nguyen Anh Tien; Required...
WordPress WP Job Portal Plugin <= 2.0.5 is vulnerable to Cross Site Scripting (XSS)
Software: WP Job Portal; Type: Plugin; Vulnerable versions: <= 2.0.5; Fixed in: 2.0.6; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-28534; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Ahmad; PSID: e68a92571619; Credits: Fariq Fadillah Gusti Insani...
WordPress Chankhe Theme <= 1.0.5 is vulnerable to Broken Authentication
Software: Chankhe; Type: Theme; Vulnerable versions: <= 1.0.5; Fixed in: N/A; OWASP Top 10: A2: Broken Authentication; Classification: Broken Authentication; CVE: CVE-2023-28416; Patch priority: Medium; CVSS severity: Medium 4.3; Developer: Claim ownership; PSID: 9050e7df6a1b; Credits: Dave Jong Patchstack; Required...
WordPress UpdraftPlus Plugin <= 1.22.24 is vulnerable to Sensitive Data Exposure
Software: UpdraftPlus; Type: Plugin; Vulnerable versions: <= 1.22.24; Fixed in: 1.23.1; OWASP Top 10: A5: Broken Access Control; Classification: Sensitive Data Exposure; CVE: N/A; Patch priority: Medium; CVSS severity: Medium 4.3; Developer: Claim ownership; PSID: 8fed8919edba; Credits: Unknown; Required privilege...
WordPress Download Attachments Plugin <= 1.2.24 is vulnerable to Cross Site Scripting (XSS)
Software: Download Attachments; Type: Plugin; Vulnerable versions: <= 1.2.24; Fixed in: 1.3; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-0076; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: d4020e1c310d; Credits: Lana Codes...