3398 matches found
WordPress Stripe Payments Plugin <= 2.0.79 is vulnerable to Content Injection
Software: Stripe Payments; Type: Plugin; Vulnerable versions: <= 2.0.79; Fixed in: 2.0.80; OWASP Top 10: A3: Injection; Classification: Content Injection; CVE: CVE-2023-48285; Patch priority: Low; CVSS severity: Low 5.3; PSID: d526738c5887; Credits: Joshua Chan; Required privilege...
WordPress WCMultiShipping Plugin <= 2.3.5 is vulnerable to Broken Access Control
Software: WCMultiShipping; Type: Plugin; Vulnerable versions: <= 2.3.5; Fixed in: 2.3.6; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-48274; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: ae6198f38515; Credits: Abdi Pranata; Required...
WordPress Widgets for Google Reviews Plugin <= 11.0.2 is vulnerable to Arbitrary File Upload
Software: Widgets for Google Reviews; Type: Plugin; Vulnerable versions: <= 11.0.2; Fixed in: 11.1; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2023-48275; Patch priority: Medium; CVSS severity: Medium 8; PSID: 5e436d044590; Credits: Rafie Muhammad Patchstack...
WordPress Autocomplete Location field Contact Form 7 Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)
Software: Autocomplete Location field Contact Form 7; Type: Plugin; Vulnerable versions: <= 2.0; Fixed in: 3.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-5005; Patch priority: Low; CVSS severity: Low 5.9; PSID: 4890d8d7c0c3; Credits: B...
WordPress Userpro Plugin <= 5.1.1 is vulnerable to Broken Authentication
Software: Userpro; Type: Plugin; Vulnerable versions: <= 5.1.1; Fixed in: 5.1.2; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2023-2437; Patch priority: High; CVSS severity: High 9.8; PSID: 9aac076e3030; Credits: István Márton...
WordPress Userpro Plugin <= 5.1.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Userpro; Type: Plugin; Vulnerable versions: <= 5.1.1; Fixed in: 5.1.2; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-2447; Patch priority: Low; CVSS severity: Low 6.1; PSID: f82d076bd579; Credits: István Márton; Required...
WordPress Preloader for Website Plugin <= 1.2.2 is vulnerable to Broken Access Control
Software: Preloader for Website; Type: Plugin; Vulnerable versions: <= 1.2.2; Fixed in: 1.3; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-48273; Patch priority: Medium; CVSS severity: Medium 5.3; PSID: d41468183f67; Credits: Nguyen Xuan Chien...
WordPress Post Meta Data Manager Plugin <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Post Meta Data Manager; Type: Plugin; Vulnerable versions: <= 1.2.1; Fixed in: 1.2.2; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-5776; Patch priority: Low; CVSS severity: Low 4.3; PSID: be22b4c7158e; Credits: Francesco...
WordPress WP Child Theme Generator Plugin <= 1.1.2 is vulnerable to Arbitrary File Upload
Software: WP Child Theme Generator; Type: Plugin; Vulnerable versions: <= 1.1.2; Fixed in: 1.1.3; OWASP Top 10: A4: Insecure Design; Classification: Arbitrary File Upload; CVE: CVE-2023-47873; Patch priority: Low; CVSS severity: Low 9.1; PSID: e915ca3d162f; Credits: Dateoljo of BoB 12th...
WordPress wpForo Forum Plugin <= 2.2.3 is vulnerable to Cross Site Scripting (XSS)
Software: wpForo Forum; Type: Plugin; Vulnerable versions: <= 2.2.3; Fixed in: 2.2.4; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-47872; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: da62b115c79c; Credits: Jesse McNeil; Required privilege...
WordPress PayTR Taksit Tablosu Plugin <= 1.3.1 is vulnerable to Broken Access Control
Software: PayTR Taksit Tablosu; Type: Plugin; Vulnerable versions: <= 1.3.1; Fixed in: 1.3.2; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-47847; Patch priority: Low; CVSS severity: Low 5.3; PSID: 9835cf00a16a; Credits: Abdi Pranata; Required...
WordPress CataBlog Plugin <= 1.7.0 is vulnerable to Arbitrary File Upload
Software: CataBlog; Type: Plugin; Vulnerable versions: <= 1.7.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2023-47842; Patch priority: Medium; CVSS severity: Medium 9.1; PSID: ca3ef4e541ae; Credits: Rafie Muhammad Patchstack; Required privilege...
WordPress Audio Merchant Plugin <= 5.0.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Audio Merchant; Type: Plugin; Vulnerable versions: <= 5.0.4; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-6197; Patch priority: Low; CVSS severity: Low 5.4; PSID: b9deef5e9191; Credits: Ala Arfaoui; Required...
WordPress wpForo Forum Plugin <= 2.2.3 is vulnerable to Privilege Escalation
Software: wpForo Forum; Type: Plugin; Vulnerable versions: <= 2.2.3; Fixed in: 2.2.4; OWASP Top 10: A4: Insecure Design; Classification: Privilege Escalation; CVE: CVE-2023-47868; Patch priority: High; CVSS severity: High 7.3; PSID: 18839e0584f6; Credits: Jesse McNeil; Required privilege...
WordPress Contact Form to Any API Plugin <= 1.1.6 is vulnerable to Broken Access Control
Software: Contact Form to Any API; Type: Plugin; Vulnerable versions: <= 1.1.6; Fixed in: 1.1.7; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-47871; Patch priority: Medium; CVSS severity: Medium 4.3; PSID: 81c0f0123458; Credits: Arvandy; Require...
WordPress wpForo Forum Plugin <= 2.2.5 is vulnerable to Content Injection
Software: wpForo Forum; Type: Plugin; Vulnerable versions: <= 2.2.5; Fixed in: 2.2.6; OWASP Top 10: A1: Broken Access Control; Classification: Content Injection; CVE: CVE-2023-47869; Patch priority: Low; CVSS severity: Low 4.3; PSID: e9607ec97842; Credits: Jesse McNeil; Required privilege...
WordPress Grab & Save Plugin <= 1.0.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Grab & Save; Type: Plugin; Vulnerable versions: <= 1.0.4; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-47845; Patch priority: Low; CVSS severity: Low 4.3; PSID: 10b2ddc4a429; Credits: Dimas Maulana; Required...
WordPress Quiz And Survey Master Plugin <= 8.1.13 is vulnerable to Cross Site Scripting (XSS)
Software: Quiz And Survey Master; Type: Plugin; Vulnerable versions: <= 8.1.13; Fixed in: 8.1.14; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-47834; Patch priority: Low; CVSS severity: Low 6.5; PSID: f34de2f1d2a5; Credits: emad; Required privilege...
WordPress Events Addon for Elementor Plugin <= 2.1.3 is vulnerable to Broken Access Control
Software: Events Addon for Elementor; Type: Plugin; Vulnerable versions: <= 2.1.3; Fixed in: 2.1.4; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-47827; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 5dbac8531308; Credits: Abdi Pranata...
WordPress SearchIQ Plugin <= 4.4 is vulnerable to Broken Access Control
Software: SearchIQ; Type: Plugin; Vulnerable versions: <= 4.4; Fixed in: 4.5; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-47832; Patch priority: Medium; CVSS severity: Medium 5.3; PSID: ebe24eb2b5d2; Credits: Mika; Required privilege...