WordPress Everest News Pro Theme <= 1.1.7 is vulnerable to Cross Site Scripting (XSS)

Software Everest News Pro Type Theme Vulnerable versions = 1.1.7 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-41235 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5fee490dcfb6 Credits László Radnai...

WordPress LuckyWP Scripts Control Plugin <= 1.2.1 is vulnerable to Broken Access Control

Software LuckyWP Scripts Control Type Plugin Vulnerable versions = 1.2.1 Fixed in 1.2.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-29239 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID e65baeeaa808 Credits Elliot Required...

WordPress Herd Effects Plugin < 5.2.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Herd Effects Type Plugin Vulnerable versions 5.2.4 Fixed in 5.2.4 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-4318 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3c6da81b7acf Credits Erwan LR WPScan Required...

WordPress URL Shortify Plugin < 1.7.6 is vulnerable to Cross Site Scripting (XSS)

Software URL Shortify Type Plugin Vulnerable versions 1.7.6 Fixed in 1.7.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4294 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 91200df1978f Credits Bartlomiej Marek and...

WordPress WP VK Plugin < 1.3.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP VK Type Plugin Vulnerable versions 1.3.4 Fixed in 1.3.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 35c374f0a596 Credits WordFence Required privilege Unauthenticat...

WordPress WP Adminify Plugin < 3.1.6 is vulnerable to Cross Site Scripting (XSS)

Software WP Adminify Type Plugin Vulnerable versions 3.1.6 Fixed in 3.1.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4060 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 5e42dd53e8bc Credits dipak panchal Required privile...

WordPress Premmerce User Roles Plugin <= 1.0.12 is vulnerable to Broken Access Control

Software Premmerce User Roles Type Plugin Vulnerable versions = 1.0.12 Fixed in 1.0.13 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-41130 Patch priority High CVSS severity High 8.1 Developer Premmerce PSID 8954c8b59cab Credits Nguyen Xuan Chien Required...

WordPress Min Max Control Plugin < 4.6 is vulnerable to Cross Site Scripting (XSS)

Software Min Max Control Type Plugin Vulnerable versions 4.6 Fixed in 4.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4270 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f355d50b63c9 Credits Animesh Gaurav Required...

WordPress Charitable Plugin <= 1.7.0.12 is vulnerable to Privilege Escalation

Software Charitable Type Plugin Vulnerable versions = 1.7.0.12 Fixed in 1.7.0.13 OWASP Top 10 A3: Injection Classification Privilege Escalation CVE CVE-2023-4404 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 52fac3028e4c Credits István Márton Required privilege...

WordPress Slimstat Analytics Plugin <= 5.0.8 is vulnerable to Cross Site Scripting (XSS)

Software Slimstat Analytics Type Plugin Vulnerable versions = 5.0.8 Fixed in 5.0.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-40676 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 02d370df713c Credits Rio Darmawan Require...

WordPress JupiterX Core Plugin <= 3.3.8 is vulnerable to Privilege Escalation

Software JupiterX Core Type Plugin Vulnerable versions = 3.3.8 Fixed in 3.4.3 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-38389 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID bb67776164d1 Credits Rafie...

WordPress Save as Image plugin by Pdfcrowd Plugin <= 2.16.0 is vulnerable to Cross Site Scripting (XSS)

Software Save as Image plugin by Pdfcrowd Type Plugin Vulnerable versions = 2.16.0 Fixed in 2.16.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-40665 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID cfe00b0b6985 Credits Mahe...

WordPress Cookies and Content Security Policy Plugin <= 2.15 is vulnerable to Sensitive Data Exposure

Software Cookies and Content Security Policy Type Plugin Vulnerable versions = 2.15 Fixed in 2.16 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-40662 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 1727f4bf0e4c Credits Mika...

WordPress Donations Made Easy – Smart Donations Plugin <= 4.0.12 is vulnerable to Cross Site Scripting (XSS)

Software Donations Made Easy – Smart Donations Type Plugin Vulnerable versions = 4.0.12 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-40664 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f2b34d09c3af...

WordPress Smart SEO Tool Plugin < 4.0.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Smart SEO Tool Type Plugin Vulnerable versions 4.0.2 Fixed in 4.0.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 7f5302fb053b Credits WordFence Required privilege...

WordPress Paid Memberships Pro CCBill Gateway Plugin <= 0.3 is vulnerable to Broken Access Control

Software Paid Memberships Pro CCBill Gateway Type Plugin Vulnerable versions = 0.3 Fixed in 0.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-40608 Patch priority Low CVSS severity Low 8.2 Developer Claim ownership PSID 6824186fd879 Credits Rafie Muhamma...

WordPress Cleverwise Daily Quotes Plugin <= 3.2 is vulnerable to Cross Site Scripting (XSS)

Software Cleverwise Daily Quotes Type Plugin Vulnerable versions = 3.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-40335 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7426d5f651a3 Credits Yuki Haruma...

WordPress RSVPMarker Plugin <= 10.6.6 is vulnerable to Cross Site Scripting (XSS)

Software RSVPMarker Type Plugin Vulnerable versions = 10.6.6 Fixed in 10.6.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-27616 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c71696c6cb5c Credits Muhammad Arsalan...

WordPress Cafe Bistro Theme < 1.1.4 is vulnerable to Cross Site Scripting (XSS)

Software Cafe Bistro Type Theme Vulnerable versions 1.1.4 Fixed in 1.1.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2813 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 3a3a8d627eab Credits Random Robbie Required...

WordPress Contact form 7 Custom validation Plugin <= 1.1.3 is vulnerable to SQL Injection

Software Contact form 7 Custom validation Type Plugin Vulnerable versions = 1.1.3 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-40609 Patch priority High CVSS severity High 8.2 Developer Claim ownership PSID b7c9ad699602 Credits minhtuanact Required privilege...