3398 matches found
WordPress Restaurant & Cafe Addon for Elementor Plugin <= 1.5.3 is vulnerable to Broken Access Control
Software: Restaurant & Cafe Addon for Elementor | Type: Plugin | Vulnerable versions: <= 1.5.3 | Fixed in: 1.5.4 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2023-47826 | Patch priority: Medium | CVSS severity: Medium 6.5 | PSID: b97882725329 | Credits...
WordPress WP EXtra Plugin <= 6.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP EXtra | Type: Plugin | Vulnerable versions: <= 6.4 | Fixed in: 6.5 | OWASP Top 10: A1: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2023-47825 | Patch priority: Low | CVSS severity: Low 4.3 | PSID: 19cbe9873db2 | Credits: Huynh Tien Si | Required privile...
WordPress Jetpack Plugin < 12.7 is vulnerable to Clickjacking
Software: Jetpack | Type: Plugin | Vulnerable versions: < 12.7 | Fixed in: 12.7 | OWASP Top 10: A3: Injection | Classification: Clickjacking | CVE: CVE-2023-47774 | Patch priority: Low | CVSS severity: Low 5.4 | PSID: 18fefcc21cac | Credits: Rafie Muhammad Patchstack | Required privilege: Contributor...
WordPress LWS Hide Login Plugin <= 2.1.8 is vulnerable to Bypass Vulnerability
Software: LWS Hide Login | Type: Plugin | Vulnerable versions: <= 2.1.8 | Fixed in: 2.1.9 | OWASP Top 10: A4: Insecure Design | Classification: Bypass Vulnerability | CVE: CVE-2023-47818 | Patch priority: Low | CVSS severity: Low 3.7 | PSID: 6d52db64950c | Credits: Naveen Muthusamy | Required privilege...
WordPress WP Courses LMS Plugin <= 3.2.3 is vulnerable to Broken Access Control
Software: WP Courses LMS | Type: Plugin | Vulnerable versions: <= 3.2.3 | Fixed in: 3.2.4 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: N/A | Patch priority: Low | CVSS severity: Low 4.3 | PSID: 788c62b14a2a | Credits: Unknown | Required privilege: Subscriber...
WordPress WP Like Button Plugin <= 1.7.0 is vulnerable to Broken Access Control
Software: WP Like Button | Type: Plugin | Vulnerable versions: <= 1.7.0 | Fixed in: N/A | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2023-47820 | Patch priority: Low | CVSS severity: Low 4.3 | PSID: 6a5c3f8c76dc | Credits: Abdi Pranata | Required privilege...
WordPress Shortcodes and extra features for Phlox theme Plugin <= 2.14.0 is vulnerable to Local File Inclusion
Software: Shortcodes and extra features for Phlox theme | Type: Plugin | Vulnerable versions: <= 2.14.0 | Fixed in: 2.15.0 | OWASP Top 10: A3: Injection | Classification: Local File Inclusion | CVE: CVE-2023-37888 | Patch priority: High | CVSS severity: High 8.6 | PSID: 2ea7a20d00de | Credits: Rafie...
WordPress Welcart e-Commerce Plugin < 2.9.6 is vulnerable to PHP Object Injection
Software: Welcart e-Commerce | Type: Plugin | Vulnerable versions: < 2.9.6 | Fixed in: 2.9.6 | OWASP Top 10: A1: Injection | Classification: PHP Object Injection | CVE: N/A | Patch priority: Medium | CVSS severity: Medium 4.4 | PSID: dd10708cfd4f | Credits: WordFence | Required privilege Published 15...
WordPress Phlox Portfolio Plugin <= 2.3.1 is vulnerable to Local File Inclusion
Software: Phlox Portfolio | Type: Plugin | Vulnerable versions: <= 2.3.1 | Fixed in: 2.3.2 | OWASP Top 10: A3: Injection | Classification: Local File Inclusion | CVE: CVE-2023-38399 | Patch priority: High | CVSS severity: High 8.6 | PSID: 2298d332cdc8 | Credits: Rafie Muhammad Patchstack | Required...
WordPress WPCafe Plugin <= 2.2.22 is vulnerable to Broken Access Control
Software: WPCafe | Type: Plugin | Vulnerable versions: <= 2.2.22 | Fixed in: 2.2.23 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2023-47805 | Patch priority: Medium | CVSS severity: Medium 5.3 | PSID: b94e1d5fde71 | Credits: Abdi Pranata | Required privileg...
WordPress Acme Fix Images Plugin <= 1.0.0 is vulnerable to Broken Access Control
Software: Acme Fix Images | Type: Plugin | Vulnerable versions: <= 1.0.0 | Fixed in: 2.0.0 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2023-47793 | Patch priority: Medium | CVSS severity: Medium 4.3 | PSID: 51b5ada66dce | Credits: Abdi Pranata | Required...
WordPress Email Encoder Bundle Plugin <= 2.1.8 is vulnerable to Cross Site Scripting (XSS)
Software: Email Encoder Bundle | Type: Plugin | Vulnerable versions: <= 2.1.8 | Fixed in: 2.1.9 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-47821 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: 19415fa8bf01 | Credits: Ngô Thiên An ancorn from VNPT-VCI...
WordPress Daily Prayer Time Plugin <= 2023.10.13 is vulnerable to Cross Site Scripting (XSS)
Software: Daily Prayer Time | Type: Plugin | Vulnerable versions: <= 2023.10.13 | Fixed in: 2023.10.21 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-47817 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: 1face61be077 | Credits: Ngô Thiên An ancorn from...
WordPress LayerSlider Plugin <= 7.7.9 is vulnerable to Cross Site Scripting (XSS)
Software: LayerSlider | Type: Plugin | Vulnerable versions: <= 7.7.9 | Fixed in: 7.7.10 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-47786 | Patch priority: High | CVSS severity: High 6.5 | PSID: bc229172c2ce | Credits: Rafie Muhammad Patchstack | Required...
WordPress BSK Contact Form 7 Blacklist Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)
Software: BSK Contact Form 7 Blacklist | Type: Plugin | Vulnerable versions: <= 1.0.1 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-5141 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: bcd35c27eb27 | Credits: Enrico...
WordPress Footer Putter Plugin <= 1.17 is vulnerable to Cross Site Scripting (XSS)
Software: Footer Putter | Type: Plugin | Vulnerable versions: <= 1.17 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-47768 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: 4553836a22ef | Credits: Le Ngoc Anh | Required...
WordPress Leadster Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Leadster | Type: Plugin | Vulnerable versions: <= 1.1.2 | Fixed in: 1.1.3 | OWASP Top 10: A1: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2023-47791 | Patch priority: Low | CVSS severity: Low 4.3 | PSID: 6d346958cd11 | Credits: BuShiYue | Required privileg...
WordPress LayerSlider Plugin <= 7.7.9 is vulnerable to Cross Site Request Forgery (CSRF)
Software: LayerSlider | Type: Plugin | Vulnerable versions: <= 7.7.9 | Fixed in: 7.7.10 | OWASP Top 10: A1: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2023-47785 | Patch priority: Low | CVSS severity: Low 7.1 | PSID: 32d010feaf90 | Credits: Rafie Muhammad...
WordPress EasyAzon Plugin <= 5.1.0 is vulnerable to Broken Access Control
Software: EasyAzon | Type: Plugin | Vulnerable versions: <= 5.1.0 | Fixed in: 5.1.1 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2023-47780 | Patch priority: Medium | CVSS severity: Medium 4.3 | PSID: bdc4e95fbc8c | Credits: Abdi Pranata | Required privileg...
WordPress Betheme Theme <= 27.1.1 is vulnerable to Broken Access Control
Software: Betheme | Type: Theme | Vulnerable versions: <= 27.1.1 | Fixed in: 27.1.2 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2023-47770 | Patch priority: High | CVSS severity: High 7.6 | PSID: f61160742341 | Credits: Rafie Muhammad Patchstack | Required...