WordPress Smart Forms Plugin <= 2.6.84 is vulnerable to Broken Access Control

Software Smart Forms Type Plugin Vulnerable versions = 2.6.84 Fixed in 2.6.85 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-49856 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 636ea1edcfea Credits Abdi Pranata Required privile...

WordPress Custom Post Type Page Template Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Custom Post Type Page Template Type Plugin Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-50372 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 6e58dd1aa617 Credits Nguyen...

WordPress Alt Manager Plugin <= 1.6.1 is vulnerable to Broken Access Control

Software Alt Manager Type Plugin Vulnerable versions = 1.6.1 Fixed in 1.6.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-50373 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID d15fcb372f33 Credits Nguyen Xuan Chien Required...

WordPress Social Media Feather Plugin <= 2.1.3 is vulnerable to Broken Access Control

Software Social Media Feather Type Plugin Vulnerable versions = 2.1.3 Fixed in 2.1.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-49861 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID c21113708404 Credits Abdi Pranata...

WordPress Login With Ajax Plugin <= 4.1 is vulnerable to Broken Access Control

Software Login With Ajax Type Plugin Vulnerable versions = 4.1 Fixed in 4.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-49859 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 3990b3ba7420 Credits Abdi Pranata Required...

WordPress Awesome Support Plugin <= 6.1.7 is vulnerable to Broken Access Control

Software Awesome Support Type Plugin Vulnerable versions = 6.1.7 Fixed in 6.1.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-49857 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 75c871c2eac0 Credits thiennv Required privilege...

WordPress Bacola Core Plugin <= 1.3.3 is vulnerable to Cross Site Scripting (XSS)

Software Bacola Core Type Plugin Vulnerable versions = 1.3.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49839 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID d717888feaf6 Credits RE-ALTER Required privilege Unauthenticate...

WordPress Burst Statistics Pro Plugin 1.4.0-1.5.0 is vulnerable to SQL Injection

Software Burst Statistics Pro Type Plugin Vulnerable versions 1.4.0-1.5.0 Fixed in 1.5.1 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-5761 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID fbf5617c0e05 Credits German Ritter Required privilege...

WordPress Fix My Feed RSS Repair Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Fix My Feed RSS Repair Type Plugin Vulnerable versions = 1.4 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-49816 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 5bdeb04c02b0 Credits Nguyen Xuan Chie...

WordPress Cookie Bar Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)

Software Cookie Bar Type Plugin Vulnerable versions = 2.0 Fixed in 2.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49836 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 703ecb793ab1 Credits Muhammad Daffa Required privilege Administrator...

WordPress Soledad Theme <= 8.4.1 is vulnerable to SQL Injection

Software Soledad Type Theme Vulnerable versions = 8.4.1 Fixed in 8.4.2 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-49825 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID a78a84399460 Credits Rafie Muhammad Patchstack Required privilege...

WordPress Spectra Plugin <= 2.7.9 is vulnerable to Cross Site Scripting (XSS)

Software Spectra Type Plugin Vulnerable versions = 2.7.9 Fixed in 2.7.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49833 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 70385286c341 Credits Rafie Muhammad Patchstack Required privilege...

WordPress Soledad Theme <= 8.4.1 is vulnerable to PHP Object Injection

Software Soledad Type Theme Vulnerable versions = 8.4.1 Fixed in 8.4.2 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2023-49826 Patch priority Medium CVSS severity Medium 8.1 Developer Claim ownership PSID c3ecdbf607cb Credits Rafie Muhammad Patchstack Required privilege...

WordPress Webflow Pages Plugin <= 1.0.8 is vulnerable to Broken Access Control

Software Webflow Pages Type Plugin Vulnerable versions = 1.0.8 Fixed in 1.1.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-49818 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID f0a2c4f0050b Credits Mika Required privilege...

WordPress Smart External Link Click Monitor [Link Log] Plugin <= 5.0.2 is vulnerable to Cross Site Scripting (XSS)

Software Smart External Link Click Monitor Link Log Type Plugin Vulnerable versions = 5.0.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49771 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1106b9604760 Credits Mika...

WordPress WooCommerce Payments Plugin <= 6.4.2 is vulnerable to Cross Site Scripting (XSS)

Software WooCommerce Payments Type Plugin Vulnerable versions = 6.4.2 Fixed in 6.5.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49828 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 702b702ee838 Credits Rafie Muhammad Patchstack Require...

WordPress Structured Content Plugin <= 1.5.3 is vulnerable to Cross Site Scripting (XSS)

Software Structured Content Type Plugin Vulnerable versions = 1.5.3 Fixed in 1.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49820 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4db95a68f57c Credits LVT-tholv2k Required privilege...

WordPress Bold Page Builder Plugin <= 4.6.1 is vulnerable to Cross Site Scripting (XSS)

Software Bold Page Builder Type Plugin Vulnerable versions = 4.6.1 Fixed in 4.7.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49823 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1f110d66c795 Credits Ngô Thiên An ancorn from VNPT-VCI...

WordPress MW WP Form Plugin <= 5.0.1 is vulnerable to Arbitrary File Upload

Software MW WP Form Type Plugin Vulnerable versions = 5.0.1 Fixed in 5.0.2 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-6316 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 597833164ec3 Credits István Márton Required privilege Unauthenticat...

WordPress WP Photo Album Plus Plugin <= 8.5.02.005 is vulnerable to Bypass Vulnerability

Software WP Photo Album Plus Type Plugin Vulnerable versions = 8.5.02.005 Fixed in 8.6.01.005 OWASP Top 10 A1: Broken Access Control Classification Bypass Vulnerability CVE CVE-2023-49774 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 23d1af6fe73e Credits Brandon Roldan...