WordPress Convertful – Your Ultimate On-Site Conversion Tool Plugin <= 2.5 is vulnerable to Broken Access Control

Software Convertful – Your Ultimate On-Site Conversion Tool Type Plugin Vulnerable versions = 2.5 Fixed in 2.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-46605 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 9a3a7f4759bc Credit...

WordPress DoLogin Security Plugin <= 3.7.1 is vulnerable to Broken Access Control

Software DoLogin Security Type Plugin Vulnerable versions = 3.7.1 Fixed in 3.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-46608 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID 5adc7395b967 Credits Mika Required privilege...

WordPress Security & Malware scan by CleanTalk Plugin <= 2.50 is vulnerable to Broken Access Control

Software Security & Malware scan by CleanTalk Type Plugin Vulnerable versions = 2.50 Fixed in 2.51 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2020-36698 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID b7a98366ebf3 Credits Jerome...

WordPress Tab Ultimate Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)

Software Tab Ultimate Type Plugin Vulnerable versions = 1.3 Fixed in 1.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5667 Patch priority Low CVSS severity Low 6.4 Developer Claim ownership PSID 6b4d31988178 Credits István Márton Required privileg...

WordPress wpDiscuz Plugin <= 7.6.3 is vulnerable to Insecure Direct Object References (IDOR)

Software wpDiscuz Type Plugin Vulnerable versions = 7.6.3 Fixed in 7.6.4 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-46311 Patch priority Low CVSS severity Low 2.7 Developer Claim ownership PSID 05932cb617e2 Credits Revan Arifio Requir...

WordPress Soisy Pagamento Rateale Plugin <= 6.0.1 is vulnerable to Broken Access Control

Software Soisy Pagamento Rateale Type Plugin Vulnerable versions = 6.0.1 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-5132 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID ea685dad7b8e Credits Francesco Carlucci...

WordPress Ultimate Addons for WPBakery Page Builder Plugin <= 3.19.14 is vulnerable to Local File Inclusion

Software Ultimate Addons for WPBakery Page Builder Type Plugin Vulnerable versions = 3.19.14 Fixed in 3.19.15 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2023-46205 Patch priority High CVSS severity High 7.6 Developer Claim ownership PSID 1ed82bf57553 Credits Rafie...

WordPress Taggbox Plugin <= 3.3 is vulnerable to Broken Access Control

Software Taggbox Type Plugin Vulnerable versions = 3.3 Fixed in 3.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-33215 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 74a01c79e50d Credits Jonas Höbenreich Required privilege...

WordPress Booster for WooCommerce Plugin <= 7.1.2 is vulnerable to Cross Site Scripting (XSS)

Software Booster for WooCommerce Type Plugin Vulnerable versions = 7.1.2 Fixed in 7.1.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5638 Patch priority Low CVSS severity Low 6.4 Developer Claim ownership PSID be851143f85f Credits István Márton...

WordPress iPanorama 360 WordPress Virtual Tour Builder Plugin <= 1.8.0 is vulnerable to SQL Injection

Software iPanorama 360 WordPress Virtual Tour Builder Type Plugin Vulnerable versions = 1.8.0 Fixed in 1.8.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5336 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 25ea3eb9ee79 Credits István Márton Require...

WordPress Webpushr Plugin <= 4.34.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Webpushr Type Plugin Vulnerable versions = 4.34.0 Fixed in 4.35.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-35041 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 5f64981a29ac Credits Theodoros Malachias...

WordPress BetterLinks Plugin <= 1.6.0 is vulnerable to Broken Access Control

Software BetterLinks Type Plugin Vulnerable versions = 1.6.0 Fixed in 1.6.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-45104 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID cff55ac44f90 Credits Nguyen Anh Tien Required...

WordPress Headline Analyzer Plugin <= 1.3.1 is vulnerable to Broken Access Control

Software Headline Analyzer Type Plugin Vulnerable versions = 1.3.1 Fixed in 1.3.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-46195 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 0889713f4319 Credits Mika Required privilege...

WordPress MpOperationLogs Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software MpOperationLogs Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5538 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 58b2eea0d790 Credits juweihuitao Required...

WordPress Super Testimonial Pro Plugin <= 2.9 is vulnerable to Cross Site Scripting (XSS)

Software Super Testimonial Pro Type Plugin Vulnerable versions = 2.9 Fixed in 3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5613 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4c345a4e70e4 Credits Lana Codes Required...

WordPress Themify Ultra Theme <= 7.3.5 is vulnerable to Settings Change

Software Themify Ultra Type Theme Vulnerable versions = 7.3.5 Fixed in 7.3.6 OWASP Top 10 A5: Broken Access Control Classification Settings Change CVE CVE-2023-46148 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 4e68744a5277 Credits Rafie Muhammad Patchstack Required...

WordPress File Uploader Plugin < 4.23.3 is vulnerable to Cross Site Scripting (XSS)

Software File Uploader Type Plugin Vulnerable versions 4.23.3 Fixed in 4.23.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4811 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 1623a29c06e5 Credits FAIYAZ AHMAD Required...

WordPress File Manager Pro Plugin < 1.8.1 is vulnerable to Remote Code Execution (RCE)

Software File Manager Pro Type Plugin Vulnerable versions 1.8.1 Fixed in 1.8.1 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-4861 Patch priority Low CVSS severity Low 8.2 Developer Claim ownership PSID cd77a490f9de Credits Alex Sanford Required privilege...

WordPress Themify Ultra Theme <= 7.3.5 is vulnerable to Privilege Escalation

Software Themify Ultra Type Theme Vulnerable versions = 7.3.5 Fixed in 7.3.6 OWASP Top 10 A2: Broken Authentication Classification Privilege Escalation CVE CVE-2023-46145 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 23dc050c5700 Credits Rafie Muhammad Patchstack...

WordPress Userback Plugin <= 1.0.13 is vulnerable to Cross Site Request Forgery (CSRF)

Software Userback Type Plugin Vulnerable versions = 1.0.13 Fixed in 1.0.14 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-46089 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ca0e03655d57 Credits LEE SE HYOUNG...