WordPress Royal Elementor Addons Plugin <= 1.3.70 is vulnerable to Sensitive Data Exposure

Software Royal Elementor Addons Type Plugin Vulnerable versions = 1.3.70 Fixed in 1.3.71 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-3709 Patch priority Low CVSS severity Low 5.3 Developer WProyal PSID 0083800052cc Credits Ulyses Saicha Required...

WordPress RevivePress Plugin < 1.5.3 is vulnerable to Cross Site Scripting (XSS)

Software RevivePress Type Plugin Vulnerable versions 1.5.3 Fixed in 1.5.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e19b58dc50bd Credits Rafie Muhammad Patchstack Required...

WordPress Floating Awesome Button Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS)

Software Floating Awesome Button Type Plugin Vulnerable versions = 1.6.1 Fixed in 1.7.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID a554276c1f96 Credits Rafie Muhammad Patchstac...

WordPress Security Ninja – Secure Firewall & Secure Malware Scanner Plugin < 5.159 is vulnerable to Cross Site Scripting (XSS)

Software Security Ninja – Secure Firewall & Secure Malware Scanner Type Plugin Vulnerable versions 5.159 Fixed in 5.159 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Security Ninja PSID 6acc36b932c4...

WordPress Video Embed & Thumbnail Generator Plugin < 4.8.11 is vulnerable to Cross Site Scripting (XSS)

Software Video Embed & Thumbnail Generator Type Plugin Vulnerable versions 4.8.11 Fixed in 4.8.11 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 593159c2fc96 Credits Rafie Muhammad...

WordPress WordPress Form Customizer | CF7 Customizer Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS)

Software WordPress Form Customizer | CF7 Customizer Type Plugin Vulnerable versions = 1.6.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 3a6ce9d015a7 Credits Rafie...

WordPress ProfileGrid Plugin <= 5.5.2 is vulnerable to Broken Access Control

Software ProfileGrid Type Plugin Vulnerable versions = 5.5.2 Fixed in 5.5.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-3714 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 163433ba9759 Credits Lana Codes Required privilege...

WordPress Database Table Overview and Logs Plugin < 1.1.0 is vulnerable to Cross Site Scripting (XSS)

Software Database Table Overview and Logs Type Plugin Vulnerable versions 1.1.0 Fixed in 1.1.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 43825b47431f Credits Rafie Muhammad...

WordPress MoceanAPI Abandoned Carts for WooCommerce Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS)

Software MoceanAPI Abandoned Carts for WooCommerce Type Plugin Vulnerable versions = 1.2.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID a4413625463e Credits Rafie...

WordPress Livemesh Addons for Beaver Builder Plugin < 3.3 is vulnerable to Cross Site Scripting (XSS)

Software Livemesh Addons for Beaver Builder Type Plugin Vulnerable versions 3.3 Fixed in 3.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID a6176790d4e9 Credits Rafie Muhammad...

WordPress Add Tiktok Pixel for Tiktok ads (+Woocommerce) Plugin < 1.2.7 is vulnerable to Cross Site Scripting (XSS)

Software Add Tiktok Pixel for Tiktok ads +Woocommerce Type Plugin Vulnerable versions 1.2.7 Fixed in 1.2.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 92194b39a569 Credits Rafie...

WordPress YourMembership Single Sign On Plugin <= 1.1.3 is vulnerable to Broken Access Control

Software YourMembership Single Sign On Type Plugin Vulnerable versions = 1.1.3 Fixed in 1.1.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-37987 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 9b1dfdc28505 Credits Aman Rawat...

WordPress Contact Form Generator Plugin <= 2.5.5 is vulnerable to Cross Site Scripting (XSS)

Software Contact Form Generator Type Plugin Vulnerable versions = 2.5.5 Fixed in 2.6.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-37988 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4da7e4864bf8 Credits Arvandy...

WordPress Rank Math SEO Plugin <= 1.0.119 is vulnerable to Cross Site Scripting (XSS)

Software Rank Math SEO Type Plugin Vulnerable versions = 1.0.119 Fixed in 1.0.119.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32600 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID fbe17eef0220 Credits Rafie Muhammad...

WordPress Slider a SlidersPack Plugin <= 2.0.2 is vulnerable to Broken Access Control

Software Slider a SlidersPack Type Plugin Vulnerable versions = 2.0.2 Fixed in 2.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-46845 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID b8f7f4a77e50 Credits Cat Required privilege...

WordPress Quiz And Survey Master Plugin <= 8.1.10 is vulnerable to Broken Access Control

Software Quiz And Survey Master Type Plugin Vulnerable versions = 8.1.10 Fixed in 8.1.11 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-37984 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 046309de9fe7 Credits qilin99 Required...

WordPress AnsPress – Question and answer Plugin <= 4.3.0 is vulnerable to Cross Site Scripting (XSS)

Software AnsPress – Question and answer Type Plugin Vulnerable versions = 4.3.0 Fixed in 4.3.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-34374 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 8d2ef4a3a5f2 Credits Theodoro...

WordPress Falang multilanguage Plugin <= 1.3.39 is vulnerable to Cross Site Request Forgery (CSRF)

Software Falang multilanguage Type Plugin Vulnerable versions = 1.3.39 Fixed in 1.3.40 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-37968 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 1920d648ac5e Credits Skalucy...

WordPress Grid Kit Premium Plugin < 2.2.0 is vulnerable to Cross Site Scripting (XSS)

Software Grid Kit Premium Type Plugin Vulnerable versions 2.2.0 Fixed in 2.2.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-3292 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 75b7f5364596 Credits Erwan LR WPScan...

WordPress MF Gig Calendar Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)

Software MF Gig Calendar Type Plugin Vulnerable versions = 1.2 Fixed in 1.2.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-37970 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID dc50c5ee5e06 Credits Abdi Pranata Required...