WordPress ChatBot Plugin <= 4.8.9 is vulnerable to SQL Injection

Software ChatBot Type Plugin Vulnerable versions = 4.8.9 Fixed in 4.9.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5204 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID d9d43b0258cf Credits Marco Wotschka Required privilege Unauthenticated...

WordPress WP Report Post Plugin <= 2.1.2 is vulnerable to Cross Site Scripting (XSS)

Software WP Report Post Type Plugin Vulnerable versions = 2.1.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-45769 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d5598e546cea Credits Ivy TOOR, LISA...

WordPress EventPrime Plugin <= 3.1.5 is vulnerable to Cross Site Scripting (XSS)

Software EventPrime Type Plugin Vulnerable versions = 3.1.5 Fixed in 3.1.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-45637 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 7c19ecb3f3a7 Credits Phd Required privilege Unauthenticated...

WordPress Simple URLs Plugin <= 120 is vulnerable to Cross Site Request Forgery (CSRF)

Software Simple URLs Type Plugin Vulnerable versions = 120 Fixed in 121 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-45606 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d8dcb8acc03a Credits Mika Required privilege...

WordPress Campaign Monitor Forms Plugin < 2.5.6 is vulnerable to Broken Access Control

Software Campaign Monitor Forms Type Plugin Vulnerable versions 2.5.6 Fixed in 2.5.6 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-5098 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 224fc6fd923e Credits Francesco Marano...

WordPress WordPress Backup & Migration Plugin <= 1.4.1 is vulnerable to Broken Access Control

Software WordPress Backup & Migration Type Plugin Vulnerable versions = 1.4.1 Fixed in 1.4.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-45636 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID e1fb36cf7cf2 Credits Abdi Prana...

WordPress Fattura24 Plugin < 6.2.8 is vulnerable to Cross Site Scripting (XSS)

Software Fattura24 Type Plugin Vulnerable versions 6.2.8 Fixed in 6.2.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5211 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0ad9cd39b4a8 Credits Enrico Marcolini Claudio...

WordPress Responsive Tabs Plugin < 4.0.6 is vulnerable to Content Injection

Software Responsive Tabs Type Plugin Vulnerable versions 4.0.6 Fixed in 4.0.6 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2023-45635 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID bf3a377a744c Credits Abdi Pranata Required privilege Contributor...

WordPress Get Custom Field Values Plugin <= 4.0.1 is vulnerable to Cross Site Scripting (XSS)

Software Get Custom Field Values Type Plugin Vulnerable versions = 4.0.1 Fixed in 4.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-45604 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 8b0df9061359 Credits Satoo Nakano Required privilege...

WordPress User Submitted Posts Plugin <= 20230902 is vulnerable to Arbitrary File Upload

Software User Submitted Posts Type Plugin Vulnerable versions = 20230902 Fixed in 20230914 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2023-45603 Patch priority High CVSS severity High 9 Developer Claim ownership PSID b7d676bf7c95 Credits Rafie Muhammad Patchstack...

WordPress WordPress Popular Posts Plugin <= 6.3.2 is vulnerable to Cross Site Scripting (XSS)

Software WordPress Popular Posts Type Plugin Vulnerable versions = 6.3.2 Fixed in 6.3.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-45607 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e1c445e00e39 Credits Rafie Muhammad Patchstack...

WordPress GoodBarber Plugin <= 1.0.23 is vulnerable to Cross Site Request Forgery (CSRF)

Software GoodBarber Type Plugin Vulnerable versions = 1.0.23 Fixed in 1.0.24 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-45107 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 54aa1d490fb5 Credits Mika Required privileg...

WordPress Mailrelay Plugin <= 2.1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Mailrelay Type Plugin Vulnerable versions = 2.1.1 Fixed in 2.1.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-45108 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 19213d6f5e3d Credits Mika Required privilege...

WordPress WPGetAPI Plugin 2.1.0-2.2.1 is vulnerable to Broken Access Control

Software WPGetAPI Type Plugin Vulnerable versions 2.1.0-2.2.1 Fixed in 2.2.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID ca2d9e4727c6 Credits Unknown Required privilege Subscriber...

WordPress Copy Or Move Comments Plugin <= 5.0.4 is vulnerable to SQL Injection

Software Copy Or Move Comments Type Plugin Vulnerable versions = 5.0.4 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-28748 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID c441c723b0a4 Credits minhtuanact Required privilege Subscriber...

WordPress OPcache Dashboard Plugin <= 0.3.1 is vulnerable to Cross Site Scripting (XSS)

Software OPcache Dashboard Type Plugin Vulnerable versions = 0.3.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-45064 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 88a7f0a12d7e Credits LEE SE HYOUNG...

WordPress WP User Frontend Plugin <= 3.6.8 is vulnerable to Broken Access Control

Software WP User Frontend Type Plugin Vulnerable versions = 3.6.8 Fixed in 3.6.9 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-45002 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID bd6150300c70 Credits Abdi Pranata Required...

WordPress Dropshipping & Affiliation with Amazon Plugin <= 2.1.2 is vulnerable to Arbitrary File Upload

Software Dropshipping & Affiliation with Amazon Type Plugin Vulnerable versions = 2.1.2 Fixed in N/A OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-31215 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID fe2de1908435 Credits spacecroupier...

WordPress Video Gallery – YouTube Gallery Plugin <= 2.2.5 is vulnerable to SQL Injection

Software Video Gallery – YouTube Gallery Type Plugin Vulnerable versions = 2.2.5 Fixed in 2.2.6 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-45069 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 3d253c27c06d Credits Ravi Dharmawan Required privilege...

WordPress canvasio3D Light Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS)

Software canvasio3D Light Type Plugin Vulnerable versions = 2.5.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-45062 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2a3783fd52d4 Credits thiennv Required...