3398 matches found
WordPress Conversios.io Plugin <= 6.5.3 is vulnerable to Cross Site Scripting (XSS)
Software: Conversios.io; Type: Plugin; Vulnerable versions: <= 6.5.3; Fixed in: 6.5.4; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-46094; Patch priority: High; CVSS severity: High 7.1; PSID: fb9e0ece864f; Credits: Phd; Required privilege: Unauthenticated...
WordPress Social Media & Share Icons Plugin <= 2.8.5 is vulnerable to Sensitive Data Exposure
Software: Social Media & Share Icons; Type: Plugin; Vulnerable versions: <= 2.8.5; Fixed in: 2.8.6; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2023-5070; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 041c1c8cf3d2; Credits: Marco...
WordPress EG-Attachments Plugin <= 2.1.3 is vulnerable to Cross Site Scripting (XSS)
Software: EG-Attachments; Type: Plugin; Vulnerable versions: <= 2.1.3; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-46070; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 04006798b0e0; Credits: Le Ngoc Anh; Required...
WordPress Custom post types Plugin <= 5.0.2 is vulnerable to Cross Site Scripting (XSS)
Software: Custom post types; Type: Plugin; Vulnerable versions: <= 5.0.2; Fixed in: 5.0.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-32116; Patch priority: Low; CVSS severity: Low 5.9; PSID: de51dde21ff9; Credits: Taihei Shimamine...
WordPress Ashe Extra Plugin <= 1.2.9 is vulnerable to Broken Access Control
Software: Ashe Extra; Type: Plugin; Vulnerable versions: <= 1.2.9; Fixed in: 1.2.92; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-46079; Patch priority: Low; CVSS severity: Low 5.4; Developer: WProyal; PSID: 9a7abfde0bc8; Credits: Jonas Höbenreich; Required privilege...
WordPress Lava Directory Manager Plugin <= 1.1.34 is vulnerable to Cross Site Scripting (XSS)
Software: Lava Directory Manager; Type: Plugin; Vulnerable versions: <= 1.1.34; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-46081; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: f0161d7b2655; Credits: Emili...
WordPress The Awesome Feed – Custom Feed Plugin <= 2.2.5 is vulnerable to Cross Site Scripting (XSS)
Software: The Awesome Feed – Custom Feed; Type: Plugin; Vulnerable versions: <= 2.2.5; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-46077; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: bf6946983fa1; Credits: Nguy...
WordPress DX Delete Attached Media Plugin <= 2.0.5.1 is vulnerable to Broken Access Control
Software: DX Delete Attached Media; Type: Plugin; Vulnerable versions: <= 2.0.5.1; Fixed in: 2.0.6; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-46073; Patch priority: Medium; CVSS severity: Medium 5.3; PSID: 86e92ca0a83a; Credits: Abdi Pranata...
WordPress Broken Link Checker | Finder Plugin <= 2.4.2 is vulnerable to Broken Access Control
Software: Broken Link Checker | Finder; Type: Plugin; Vulnerable versions: <= 2.4.2; Fixed in: 2.5.0; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-46082; Patch priority: Medium; CVSS severity: Medium 5.3; PSID: cfffdd260ad0; Credits: Abdi Prana...
WordPress is vulnerable to Broken Access Control
Software: WordPress; Type: WordPress Core; Vulnerable versions: 6.3.2; Fixed in: 6.3.2; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-39999; Patch priority: Low; CVSS severity: Low 4.3; PSID: 145475520c6c; Credits: Rafie Muhammad Patchstack...
WordPress RumbleTalk Live Group Chat Plugin <= 6.2.5 is vulnerable to Broken Access Control
Software: RumbleTalk Live Group Chat; Type: Plugin; Vulnerable versions: <= 6.2.5; Fixed in: 6.2.6; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-45828; Patch priority: Medium; CVSS severity: Medium 5.4; PSID: 142311804af3; Credits: Mika; Require...
WordPress ChatBot Plugin <= 4.8.9 is vulnerable to Arbitrary File Deletion
Software: ChatBot; Type: Plugin; Vulnerable versions: <= 4.8.9; Fixed in: 4.9.1; OWASP Top 10: A4: Insecure Design; Classification: Arbitrary File Deletion; CVE: CVE-2023-5212; Patch priority: High; CVSS severity: High 9.6; PSID: cac6c246df55; Credits: Marco Wotschka, Chloe Chamberland; Require...
WordPress CPT Shortcode Generator Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software: CPT Shortcode Generator; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-45644; Patch priority: Low; CVSS severity: Low 5.9; PSID: 8bfa1d036efa; Credits: Lokesh Dachepalli...
WordPress Poll Maker Plugin <= 4.7.1 is vulnerable to Broken Access Control
Software: Poll Maker; Type: Plugin; Vulnerable versions: <= 4.7.1; Fixed in: 4.7.2; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-45766; Patch priority: Low; CVSS severity: Low 5.3; PSID: 63dcd5a4b5a6; Credits: Revan Arifio; Required privilege...
WordPress HTML5 Maps Plugin <= 1.7.1.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: HTML5 Maps; Type: Plugin; Vulnerable versions: <= 1.7.1.4; Fixed in: 1.7.1.5; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-45650; Patch priority: Low; CVSS severity: Low 4.3; PSID: 414faf6d1725; Credits: Mika; Required...
WordPress ChatBot Plugin <= 4.8.9 is vulnerable to Cross Site Request Forgery (CSRF)
Software: ChatBot; Type: Plugin; Vulnerable versions: <= 4.8.9; Fixed in: 4.9.1; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-5534; Patch priority: Low; CVSS severity: Low 4.3; PSID: dd9ca26e2bc4; Credits: Marco Wotschka; Required...
WordPress Eupago Gateway For Woocommerce Plugin <= 3.1.9 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Eupago Gateway For Woocommerce; Type: Plugin; Vulnerable versions: <= 3.1.9; Fixed in: 3.1.10; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-45638; Patch priority: Low; CVSS severity: Low 6.5; PSID: 84bb9fde48fb; Credits...
WordPress Nexter Extension Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS)
Software: Nexter Extension; Type: Plugin; Vulnerable versions: <= 2.0.3; Fixed in: 2.0.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-45750; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: POSIMYTH Innovations; PSID: ad2209719d8d; Credits: Rafie...
WordPress ChatBot Plugin <= 4.8.9 is vulnerable to Sensitive Data Exposure
Software: ChatBot; Type: Plugin; Vulnerable versions: <= 4.8.9; Fixed in: 4.9.1; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2023-5254; Patch priority: Low; CVSS severity: Low 5.3; PSID: a08bb4253476; Credits: Marco Wotschka; Required privilege...
WordPress wpDiscuz Plugin <= 7.6.3 is vulnerable to Broken Access Control
Software: wpDiscuz; Type: Plugin; Vulnerable versions: <= 7.6.3; Fixed in: 7.6.4; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-45760; Patch priority: Medium; CVSS severity: Medium 4.3; PSID: b4dc1c4ebd9c; Credits: RE-ALTER; Required privilege...