WordPress LiveChat Plugin <= 4.5.15 is vulnerable to Cross Site Request Forgery (CSRF)

Software LiveChat Type Plugin Vulnerable versions = 4.5.15 Fixed in 4.5.16 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-49821 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID fc152f3c5a19 Credits Brandon Roldan Required...

WordPress Advanced Database Cleaner Plugin <= 3.1.2 is vulnerable to SQL Injection

Software Advanced Database Cleaner Type Plugin Vulnerable versions = 3.1.2 Fixed in 3.1.3 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-49764 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 18ca57291df6 Credits Mika Required privilege Administrator...

WordPress Spiffy Calendar Plugin <= 4.9.5 is vulnerable to Cross Site Scripting (XSS)

Software Spiffy Calendar Type Plugin Vulnerable versions = 4.9.5 Fixed in 4.9.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49745 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 28c8f76cf91e Credits resecured.io Required privilege...

WordPress Bulk Edit Post Titles Plugin <= 5.0.0 is vulnerable to Broken Access Control

Software Bulk Edit Post Titles Type Plugin Vulnerable versions = 5.0.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-49754 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID cc6753fe92c9 Credits Nguyen Xuan Chien...

WordPress Adifier System Plugin < 3.1.4 is vulnerable to Local File Inclusion

Software Adifier System Type Plugin Vulnerable versions 3.1.4 Fixed in 3.1.4 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2023-49753 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 193f6f83729d Credits RE-ALTER Required privilege Unauthenticated...

WordPress Dashboard Widgets Suite Plugin <= 3.4.1 is vulnerable to Cross Site Scripting (XSS)

Software Dashboard Widgets Suite Type Plugin Vulnerable versions = 3.4.1 Fixed in 3.4.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49743 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID c6ab0c656b0c Credits Rachit Arora Required privileg...

WordPress Adifier System Plugin < 3.1.4 is vulnerable to SQL Injection

Software Adifier System Type Plugin Vulnerable versions 3.1.4 Fixed in 3.1.4 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-49752 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID bdbcb39edd4b Credits RE-ALTER Required privilege Unauthenticated...

WordPress Couponis Demo Plugin < 2.2 is vulnerable to SQL Injection

Software Couponis Demo Type Plugin Vulnerable versions 2.2 Fixed in 2.2 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-49750 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 697cadbd26d0 Credits RE-ALTER Required privilege Unauthenticated Published 4...

WordPress SureTriggers Plugin <= 1.0.23 is vulnerable to Cross Site Request Forgery (CSRF)

Software SureTriggers Type Plugin Vulnerable versions = 1.0.23 Fixed in 1.0.24 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-49749 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 11a6f0afd634 Credits Rafie Muhammad...

WordPress Awesome Support Plugin <= 6.1.10 is vulnerable to Broken Access Control

Software Awesome Support Type Plugin Vulnerable versions = 6.1.10 Fixed in 6.1.11 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-49757 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 3019bd4f8cbf Credits Abdi Pranata Required...

WordPress WP Booking System Plugin <= 2.0.19.2 is vulnerable to Broken Access Control

Software WP Booking System Type Plugin Vulnerable versions = 2.0.19.2 Fixed in 2.0.19.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-49758 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID b7e70f6e3332 Credits Abdi Pranata...

WordPress DoFollow Case by Case Plugin <= 3.4.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software DoFollow Case by Case Type Plugin Vulnerable versions = 3.4.2 Fixed in 3.5.0 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-49197 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1e74ba3bfbc6 Credits Skalucy...

WordPress Backup Migration Plugin <= 1.3.6 is vulnerable to Sensitive Data Exposure

Software Backup Migration Type Plugin Vulnerable versions = 1.3.6 Fixed in 1.3.7 OWASP Top 10 A5: Security Misconfiguration Classification Sensitive Data Exposure CVE CVE-2023-6266 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 7df0ea44f3d7 Credits Rafshanzani Suhada...

WordPress CF7 Google Sheets Connector Plugin <= 5.0.5 is vulnerable to Sensitive Data Exposure

Software CF7 Google Sheets Connector Type Plugin Vulnerable versions = 5.0.5 Fixed in 5.0.6 OWASP Top 10 A9: Security Logging and Monitoring Failures Classification Sensitive Data Exposure CVE CVE-2023-44989 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID 42f969d97736...

WordPress SchedulePress Plugin <= 5.0.4 is vulnerable to Broken Access Control

Software SchedulePress Type Plugin Vulnerable versions = 5.0.4 Fixed in 5.0.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID aa83517bf4e8 Credits Unknown Required privilege Contributor...

WordPress Innovs HR Plugin <= 1.0.3.4 is vulnerable to Cross Site Scripting (XSS)

Software Innovs HR Type Plugin Vulnerable versions = 1.0.3.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49171 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e18ef701b7d2 Credits SeungYongLee Required privilege...

WordPress List all posts by Authors, nested Categories and Title Plugin <= 2.8.2 is vulnerable to Cross Site Scripting (XSS)

Software List all posts by Authors, nested Categories and Title Type Plugin Vulnerable versions = 2.8.2 Fixed in 2.8.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-49182 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID...

WordPress which template file Plugin <= 5.0.0 is vulnerable to Cross Site Scripting (XSS)

Software which template file Type Plugin Vulnerable versions = 5.0.0 Fixed in 5.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-49177 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 69cd93c404ef Credits LEE SE HYOUNG...

WordPress teachPress Plugin <= 9.0.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software teachPress Type Plugin Vulnerable versions = 9.0.5 Fixed in 9.0.6 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-49163 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 932dc955a019 Credits LVT-tholv2k Required...

WordPress Email Address Encoder Plugin <= 1.0.22 is vulnerable to Cross Site Scripting (XSS)

Software Email Address Encoder Type Plugin Vulnerable versions = 1.0.22 Fixed in 1.0.23 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-48765 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4b554f8ca93c Credits LVT-tholv2k Required privilege...