WordPress video carousel slider with lightbox Plugin <= 1.0.22 is vulnerable to Cross Site Scripting (XSS)

Software video carousel slider with lightbox Type Plugin Vulnerable versions = 1.0.22 Fixed in 1.0.23 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32797 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 914412fc8def...

WordPress Custom 404 Pro Plugin <= 3.8.1 is vulnerable to Cross Site Scripting (XSS)

Software Custom 404 Pro Type Plugin Vulnerable versions = 3.8.1 Fixed in 3.8.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32740 Patch priority Medium CVSS severity Medium 5.8 Developer Kunal Nagar PSID 5d146d112b61 Credits LEE SE HYOUNG...

WordPress WP SMS Plugin <= 6.1.4 is vulnerable to Cross Site Scripting (XSS)

Software WP SMS Type Plugin Vulnerable versions = 6.1.4 Fixed in 6.1.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32742 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID aa3cfae9ba33 Credits Le Ngoc Anh Required...

WordPress AutomateWoo Plugin <= 5.7.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software AutomateWoo Type Plugin Vulnerable versions = 5.7.1 Fixed in 5.7.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-32745 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 2ce50834e16e Credits Rafie Muhammad Patchsta...

WordPress WP Multi Store Locator Plugin <= 2.4.1 is vulnerable to Cross Site Scripting (XSS)

Software WP Multi Store Locator Type Plugin Vulnerable versions = 2.4.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0152 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID dcc1d96fdaf2 Credits Lana Codes...

WordPress WooCommerce Bookings Plugin <= 1.15.78 is vulnerable to Insecure Direct Object References (IDOR)

Software WooCommerce Bookings Type Plugin Vulnerable versions = 1.15.78 Fixed in 1.15.79 OWASP Top 10 A5: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-32747 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 81006e449dea Credits Raf...

WordPress Donations Made Easy – Smart Donations Plugin <= 4.0.12 is vulnerable to Cross Site Scripting (XSS)

Software Donations Made Easy – Smart Donations Type Plugin Vulnerable versions = 4.0.12 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32603 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID a8415256cc6f...

WordPress BuddyForms Plugin <= 2.8.1 is vulnerable to Cross Site Scripting (XSS)

Software BuddyForms Type Plugin Vulnerable versions = 2.8.1 Fixed in 2.8.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25981 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 00a2c7a49e64 Credits István Márton Required...

WordPress Elementor Website Builder Plugin <= 3.13.1 is vulnerable to Broken Access Control

Software Elementor Website Builder Type Plugin Vulnerable versions = 3.13.1 Fixed in 3.13.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Medium CVSS severity Medium 4.3 Developer Elementor PSID 95f606d4bd1b Credits N/A Required privilege...

WordPress Quick Page/Post Redirect Plugin <= 5.2.3 is vulnerable to Cross Site Scripting (XSS)

Software Quick Page/Post Redirect Type Plugin Vulnerable versions = 5.2.3 Fixed in 5.2.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25063 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 28b05154c93f Credits Justiice...

WordPress WP Reactions Lite Plugin <= 1.3.8 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP Reactions Lite Type Plugin Vulnerable versions = 1.3.8 Fixed in 1.3.9 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-32587 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID b436a9de7ad3 Credits István Márton...

WordPress Bookly Plugin <= 21.7.1 is vulnerable to Arbitrary File Deletion

Software Bookly Type Plugin Vulnerable versions = 21.7.1 Fixed in 21.8 OWASP Top 10 A5: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2023-26526 Patch priority Medium CVSS severity Medium 7.7 Developer Claim ownership PSID a06cfd6ac407 Credits Rafie Muhammad Patchstack...

WordPress 10Web Social Post Feed Plugin <= 1.2.8 is vulnerable to Cross Site Scripting (XSS)

Software 10Web Social Post Feed Type Plugin Vulnerable versions = 1.2.8 Fixed in 1.2.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 73c5db117428 Credits Unknown Required privileg...

WordPress Custom 404 Pro Plugin < 3.7.3 is vulnerable to Cross Site Scripting (XSS)

Software Custom 404 Pro Type Plugin Vulnerable versions 3.7.3 Fixed in 3.7.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2023 Patch priority High CVSS severity High 7.1 Developer Kunal Nagar PSID f5c6964d03e8 Credits Chien Vuong Required privileg...

WordPress Loginizer Plugin <= 1.7.8 is vulnerable to Cross Site Scripting (XSS)

Software Loginizer Type Plugin Vulnerable versions = 1.7.8 Fixed in 1.7.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2296 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 867402dd8b92 Credits Erwan LR WPScan Required...

WordPress Dyslexiefont Free Plugin <= 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Dyslexiefont Free Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-32589 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID fb7c8442b1dc Credits Yash Kanchhal...

WordPress Portfolio Gallery – Responsive Image Gallery Plugin <= 1.4.6 is vulnerable to Broken Access Control

Software Portfolio Gallery – Responsive Image Gallery Type Plugin Vulnerable versions = 1.4.6 Fixed in 1.4.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-32585 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 46edb5a7cfb0 Credit...

WordPress Injection Guard Plugin <= 1.2.1 is vulnerable to Broken Access Control

Software Injection Guard Type Plugin Vulnerable versions = 1.2.1 Fixed in 1.2.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-32574 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1c70e6bd7c94 Credits Abdi Pranata Required privile...

WordPress WoodMart Theme <= 7.2.1 is vulnerable to Cross Site Scripting (XSS)

Software WoodMart Type Theme Vulnerable versions = 7.2.1 Fixed in 7.2.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32239 Patch priority Medium CVSS severity Medium 5.4 Developer Xtemos PSID 157d641b350c Credits Dave Jong Patchstack Required...

WordPress Forget About Shortcode Buttons Plugin <= 2.1.2 is vulnerable to Broken Access Control

Software Forget About Shortcode Buttons Type Plugin Vulnerable versions = 2.1.2 Fixed in 2.1.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-32579 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 97c2cfa92f61 Credits István Márton...