WordPress JS Help Desk – Best Help Desk & Support Plugin Plugin <= 2.8.1 is vulnerable to SQL Injection

Software JS Help Desk – Best Help Desk & Support Plugin Type Plugin Vulnerable versions = 2.8.1 Fixed in 2.8.2 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-50839 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID e03053a216be Credits Fariq Fadillah...

WordPress Limit Login Attempts Reloaded Plugin <= 2.25.26 is vulnerable to Cross Site Scripting (XSS)

Software Limit Login Attempts Reloaded Type Plugin Vulnerable versions = 2.25.26 Fixed in 2.25.27 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6934 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2de2d139dd65 Credits Hung...

WordPress Booking Manager Plugin <= 2.1.5 is vulnerable to SQL Injection

Software Booking Manager Type Plugin Vulnerable versions = 2.1.5 Fixed in 2.1.6 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-50840 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID 1f8bbef81167 Credits Ngô Thiên An ancorn from VNPT-VCI Required...

WordPress Photo Gallery by 10Web Plugin <= 1.8.18 is vulnerable to Cross Site Scripting (XSS)

Software Photo Gallery by 10Web Type Plugin Vulnerable versions = 1.8.18 Fixed in 1.8.19 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6924 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 0bcf8b758508 Credits István Márton...

WordPress MF Gig Calendar Plugin <= 1.2.1 is vulnerable to SQL Injection

Software MF Gig Calendar Type Plugin Vulnerable versions = 1.2.1 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-50842 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID 54f1b98a01c0 Credits Khalid Yusuf Required privilege Contributor...

WordPress Image horizontal reel scroll slideshow Plugin <= 13.3 is vulnerable to Cross Site Scripting (XSS)

Software Image horizontal reel scroll slideshow Type Plugin Vulnerable versions = 13.3 Fixed in 13.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5413 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f4bff9d695d5 Credits...

WordPress EazyDocs Plugin < 2.3.4 is vulnerable to SQL Injection

Software EazyDocs Type Plugin Vulnerable versions 2.3.4 Fixed in 2.3.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-6035 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 6ad682fb44ae Credits Dao Xuan Hieu Required privilege Subscriber Published 19...

WordPress WP Edit Username Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS)

Software WP Edit Username Type Plugin Vulnerable versions = 1.0.5 Fixed in 1.0.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-47527 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 3874545cb784 Credits Jeongwoo-LeeRoronoa Required privileg...

WordPress Accredible Certificates & Open Badges Plugin <= 1.4.8 is vulnerable to Cross Site Scripting (XSS)

Software Accredible Certificates & Open Badges Type Plugin Vulnerable versions = 1.4.8 Fixed in 1.4.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-50827 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID dce9609936de Credits emad Required...

WordPress WP Crowdfunding Plugin < 2.1.8 is vulnerable to Cross Site Scripting (XSS)

Software WP Crowdfunding Type Plugin Vulnerable versions 2.1.8 Fixed in 2.1.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5757 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 341ae7773e99 Credits David Suho Lee Required...

WordPress Menu Image, Icons made easy Plugin <= 3.10 is vulnerable to Cross Site Scripting (XSS)

Software Menu Image, Icons made easy Type Plugin Vulnerable versions = 3.10 Fixed in 3.11 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-50826 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID e7ae4a05a16b Credits emad Required privilege...

WordPress MW WP Form Plugin <= 5.0.3 is vulnerable to Arbitrary File Deletion

Software MW WP Form Type Plugin Vulnerable versions = 5.0.3 Fixed in 5.0.4 OWASP Top 10 A3: Injection Classification Arbitrary File Deletion CVE CVE-2023-6559 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 24368a3488f4 Credits Thomas Sanzey Required privilege...

WordPress Slick Social Share Buttons Plugin <= 2.4.11 is vulnerable to Broken Access Control

Software Slick Social Share Buttons Type Plugin Vulnerable versions = 2.4.11 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-6878 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 7c96f50fb437 Credits István Márton...

WordPress Essential Real Estate Plugin <= 4.3.5 is vulnerable to Arbitrary File Upload

Software Essential Real Estate Type Plugin Vulnerable versions = 4.3.5 Fixed in 4.4.0 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-6827 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 4162eb3df384 Credits István Márton Required privilege...

WordPress Advanced iFrame Plugin <= 2023.8 is vulnerable to Cross Site Scripting (XSS)

Software Advanced iFrame Type Plugin Vulnerable versions = 2023.8 Fixed in 2023.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4775 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 533ab95811dc Credits István Márton Required...

WordPress Import Export WordPress Users Plugin <= 2.4.8 is vulnerable to Arbitrary File Upload

Software Import Export WordPress Users Type Plugin Vulnerable versions = 2.4.8 Fixed in 2.4.9 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-6558 Patch priority Medium CVSS severity Medium 9.1 Developer Claim ownership PSID a7515a768629 Credits István Márton Required...

WordPress Spice Post Slider Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)

Software Spice Post Slider Type Plugin Vulnerable versions = 2.0 Fixed in 2.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5362 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 963f12e8b291 Credits István Márton Required...

WordPress Popup Builder Plugin < 4.2.3 is vulnerable to Cross Site Scripting (XSS)

Software Popup Builder Type Plugin Vulnerable versions 4.2.3 Fixed in 4.2.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6000 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 14212aacf7f9 Credits Marc Montpas Required...

WordPress Welcart e-Commerce Plugin <= 2.9.6 is vulnerable to Path Traversal

Software Welcart e-Commerce Type Plugin Vulnerable versions = 2.9.6 Fixed in 2.9.7 OWASP Top 10 A5: Security Misconfiguration Classification Path Traversal CVE CVE-2023-6120 Patch priority Medium CVSS severity Medium 4.1 Developer Claim ownership PSID 545792f26683 Credits Marco Wotschka Required...

WordPress Custom Login Plugin <= 4.1.0 is vulnerable to Broken Access Control

Software Custom Login Type Plugin Vulnerable versions = 4.1.0 Fixed in 4.1.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-49858 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 0dfaac0266be Credits Abdi Pranata Required...