WordPress Product Category Showcase for WooCommerce Plugin <= 1.1.9 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Product Category Showcase for WooCommerce; Type: Plugin; Vulnerable versions: <= 1.1.9; Fixed in: 2.0.0; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-47150; Patch priority: Low; CVSS severity: Low 4.3; PSID: e261a353a568...
WordPress WooCommerce Conversion Tracking Plugin <= 2.0.10 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WooCommerce Conversion Tracking; Type: Plugin; Vulnerable versions: <= 2.0.10; Fixed in: 2.0.11; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-47150; Patch priority: Low; CVSS severity: Low 4.3; PSID: 4ebb849878be; Credits...
WordPress Export Import Menus Plugin <= 1.8.0 is vulnerable to Arbitrary File Upload
Software: Export Import Menus; Type: Plugin; Vulnerable versions: <= 1.8.0; Fixed in: 1.9.0; OWASP Top 10: A5: Broken Access Control; Classification: Arbitrary File Upload; CVE: CVE-2023-34385; Patch priority: Medium; CVSS severity: Medium 9.9; PSID: 784df5b05bad; Credits: Emili Castells...
WordPress Attorney Theme <= 3 is vulnerable to Cross Site Scripting (XSS)
Software: Attorney; Type: Theme; Vulnerable versions: <= 3; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-41692; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 18e026d95aab; Credits: Mika; Required privilege...
WordPress User Feedback Plugin <= 1.0.7 is vulnerable to Cross Site Scripting (XSS)
Software: User Feedback; Type: Plugin; Vulnerable versions: <= 1.0.7; Fixed in: 1.0.8; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-39308; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 4cad82df326d; Credits: Revan Arifio; Required privilege...
WordPress WP Project Manager Plugin <= 2.6.0 is vulnerable to SQL Injection
Software: WP Project Manager; Type: Plugin; Vulnerable versions: <= 2.6.0; Fixed in: 2.6.1; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-34383; Patch priority: High; CVSS severity: High 8.5; PSID: 02d3661940eb; Credits: Theodoros Malachias; Required privilege...
WordPress GiveWP Plugin <= 2.33.0 is vulnerable to Privilege Escalation
Software: GiveWP; Type: Plugin; Vulnerable versions: <= 2.33.0; Fixed in: 2.33.1; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2023-41665; Patch priority: High; CVSS severity: High 7.2; Developer: Liquid Web / StellarWP; PSID: db573163f3a2; Credits: Rafie...
WordPress WRC Pricing Tables Plugin <= 2.3.7 is vulnerable to Broken Access Control
Software: WRC Pricing Tables; Type: Plugin; Vulnerable versions: <= 2.3.7; Fixed in: 2.3.8; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-32293; Patch priority: Low; CVSS severity: Low 5.3; PSID: eca354e9c6c2; Credits: Abdi Pranata; Required...
WordPress TelSender Plugin <= 1.14.11 is vulnerable to Broken Access Control
Software: TelSender; Type: Plugin; Vulnerable versions: <= 1.14.11; Fixed in: 1.14.12; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-41683; Patch priority: Low; CVSS severity: Low 5.4; PSID: 00112e7933e5; Credits: Abdi Pranata; Required privilege...
WordPress Prevent files / folders access Plugin < 2.5.2 is vulnerable to Arbitrary File Upload
Software: Prevent files / folders access; Type: Plugin; Vulnerable versions: < 2.5.2; Fixed in: 2.5.2; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2023-4238; Patch priority: Low; CVSS severity: Low 7.2; PSID: e9cca307cf55; Credits: Dmitrii; Required privilege...
WordPress WP Bannerize Pro Plugin <= 1.6.9 is vulnerable to Cross Site Scripting (XSS)
Software: WP Bannerize Pro; Type: Plugin; Vulnerable versions: <= 1.6.9; Fixed in: 1.7.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-41663; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 77839e376c07; Credits: thiennv; Required...
WordPress authLdap Plugin <= 2.5.8 is vulnerable to Cross Site Request Forgery (CSRF)
Software: authLdap; Type: Plugin; Vulnerable versions: <= 2.5.8; Fixed in: 2.5.9; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-41654; Patch priority: Low; CVSS severity: Low 5.4; PSID: efe4321d7644; Credits: Rio Darmawan; Required...
WordPress Surfer Plugin <= 1.3.2.357 is vulnerable to Broken Access Control
Software: Surfer; Type: Plugin; Vulnerable versions: <= 1.3.2.357; Fixed in: 1.3.3.379; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-35037; Patch priority: High; CVSS severity: High 7.6; PSID: fee59b89530e; Credits: Jonas Höbenreich; Required...
WordPress RSVPMarker Plugin <= 10.6.6 is vulnerable to SQL Injection
Software: RSVPMarker; Type: Plugin; Vulnerable versions: <= 10.6.6; Fixed in: 10.6.7; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-41652; Patch priority: High; CVSS severity: High 8.2; PSID: 534a157bfa29; Credits: Ravi Dharmawan; Required privilege: Unauthenticated...
WordPress All-in-One WP Migration Box Extension Plugin <= 1.53 is vulnerable to Broken Access Control
Software: All-in-One WP Migration Box Extension; Type: Plugin; Vulnerable versions: <= 1.53; Fixed in: 1.54; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-40004; Patch priority: High; CVSS severity: High 7.3; PSID: 2ca675b8186e; Credits: Rafie...
WordPress All-in-One WP Migration Google Drive Extension Plugin <= 2.79 is vulnerable to Broken Access Control
Software: All-in-One WP Migration Google Drive Extension; Type: Plugin; Vulnerable versions: <= 2.79; Fixed in: 2.80; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-40004; Patch priority: High; CVSS severity: High 7.3; PSID: a77f536f8693; Credit...
WordPress Arya Multipurpose Pro Theme <= 1.0.8 is vulnerable to Cross Site Scripting (XSS)
Software: Arya Multipurpose Pro; Type: Theme; Vulnerable versions: <= 1.0.8; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-41237; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 17b111a67e25; Credits: László Radnai...
WordPress Slimstat Analytics Plugin <= 5.0.9 is vulnerable to Cross Site Scripting (XSS)
Software: Slimstat Analytics; Type: Plugin; Vulnerable versions: <= 5.0.9; Fixed in: 5.0.10; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-4597; Patch priority: Low; CVSS severity: Low 6.5; PSID: 5f7946c39456; Credits: István Márton; Requir...
WordPress Forminator Plugin <= 1.24.6 is vulnerable to Arbitrary File Upload
Software: Forminator; Type: Plugin; Vulnerable versions: <= 1.24.6; Fixed in: 1.25.0; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2023-4596; Patch priority: High; CVSS severity: High 9.8; Developer: WPMU DEV; PSID: c13bf0eea10b; Credits: mehmet; Required privilege: Unauthenticated; Publishe...
WordPress SureCart Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS)
Software: SureCart; Type: Plugin; Vulnerable versions: <= 2.5.0; Fixed in: 2.5.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-41241; Patch priority: Low; CVSS severity: Low 5.9; PSID: c666aa75b4dc; Credits: emad; Required privilege: Administrator; Publish...