
3398 matches found

Patchstack
added 2023/05/05 12:0 a.m. | 9 views

WordPress Booking Manager Plugin < 2.0.29 is vulnerable to Server Side Request Forgery (SSRF)

Software: Booking Manager; Type: Plugin; Vulnerable versions: < 2.0.29; Fixed in: 2.0.29; OWASP Top 10: A5: Broken Access Control; Classification: Server Side Request Forgery SSRF; CVE: CVE-2023-1977; Patch priority: High; CVSS severity: High 6.4; Developer: Claim ownership; PSID: dc7cead73df5; Credits: Shreya Pohekar...

8.8 CVSS | 6.5 AI score | 0.00265 EPSS
Exploits: 2 | References: 4 | Affected Software: 1
Patchstack
added 2023/05/05 12:0 a.m. | 9 views

WordPress Points and Rewards for WooCommerce Plugin <= 1.5.0 is vulnerable to Broken Access Control

Software: Points and Rewards for WooCommerce; Type: Plugin; Vulnerable versions: <= 1.5.0; Fixed in: 1.6.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-27608; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: 9fa3c23ff647; Credits: Dave...

6.5 CVSS | 6.6 AI score | 0.00102 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2023/05/05 12:0 a.m. | 9 views

WordPress Metform Elementor Contact Form Builder Plugin <= 3.3.0 is vulnerable to Broken Access Control

Software: Metform Elementor Contact Form Builder; Type: Plugin; Vulnerable versions: <= 3.3.0; Fixed in: 3.3.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-1843; Patch priority: High; CVSS severity: High 6.5; Developer: Wpmet; PSID: b16a58b44328; Credits: Marco Wotschka...

6.5 CVSS | 6.4 AI score | 0.00137 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2023/05/05 12:0 a.m. | 6 views

WordPress Booking Ultra Pro Plugin <= 1.1.8 is vulnerable to Cross Site Scripting (XSS)

Software: Booking Ultra Pro; Type: Plugin; Vulnerable versions: <= 1.1.8; Fixed in: 1.1.9; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-32236; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 00fb8bbc9f88; Credits: Team WeBoB...

7.1 CVSS | 5.6 AI score | 0.00088 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2023/05/05 12:0 a.m. | 9 views

WordPress TheGem (Elementor) Theme < 5.8.1.1 is vulnerable to Cross Site Scripting (XSS)

Software: TheGem Elementor; Type: Theme; Vulnerable versions: < 5.8.1.1; Fixed in: 5.8.1.1; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-32237; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: 54db6f410b09; Credits: Dave Jong Patchstack...

6.5 CVSS | 6.2 AI score | 0.00255 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2023/05/04 12:0 a.m. | 11 views

WordPress Multi Rating Plugin <= 5.0.6 is vulnerable to Other Vulnerability Type

Software: Multi Rating; Type: Plugin; Vulnerable versions: <= 5.0.6; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: Other Vulnerability Type; CVE: CVE-2023-32127; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: 84e75518f454; Credits: yuyudhn; Required privilege: Unauthenticated...

5.3 CVSS | 6.8 AI score | 0.00076 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2023/05/04 12:0 a.m. | 7 views

WordPress WP Directory Kit Plugin <= 1.2.2 is vulnerable to Broken Access Control

Software: WP Directory Kit; Type: Plugin; Vulnerable versions: <= 1.2.2; Fixed in: 1.2.3; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-2280; Patch priority: High; CVSS severity: High 6.5; Developer: Claim ownership; PSID: 56684d930e16; Credits: WordFence; Required privileg...

6.5 CVSS | 6.5 AI score | 0.00144 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2023/05/04 12:0 a.m. | 7 views

WordPress Manager for Icomoon Plugin <= 2.0 is vulnerable to Arbitrary File Upload

Software: Manager for Icomoon; Type: Plugin; Vulnerable versions: <= 2.0; Fixed in: 2.1; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2023-29386; Patch priority: Low; CVSS severity: Low 9.1; Developer: Claim ownership; PSID: 0add1822a9fe; Credits: deokhunKim; Required privilege: Administrat...

9.1 CVSS | 6.9 AI score | 0.00272 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
Patchstack
added 2023/05/04 12:0 a.m. | 10 views

WordPress Spiffy Calendar Plugin <= 4.9.3 is vulnerable to Cross Site Scripting (XSS)

Software: Spiffy Calendar; Type: Plugin; Vulnerable versions: <= 4.9.3; Fixed in: 4.9.4; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-32122; Patch priority: Medium; CVSS severity: Medium 5.8; Developer: Claim ownership; PSID: 27fe48000742; Credits: LEE SE HYOUNG...

6.1 CVSS | 5.6 AI score | 0.00104 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2023/05/04 12:0 a.m. | 9 views

WordPress WPO365 | Mail Integration for Office 365 / Outlook Plugin <= 1.9.0 is vulnerable to Cross Site Scripting (XSS)

Software: WPO365 | Mail Integration for Office 365 / Outlook; Type: Plugin; Vulnerable versions: <= 1.9.0; Fixed in: 1.9.1; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-32119; Patch priority: Medium; CVSS severity: Medium 5.8; Developer: Claim ownership; PSID...

6.1 CVSS | 5.7 AI score | 0.00088 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2023/05/03 12:0 a.m. | 12 views

WordPress WPPizza Plugin <= 3.17.1 is vulnerable to Cross Site Scripting (XSS)

Software: WPPizza; Type: Plugin; Vulnerable versions: <= 3.17.1; Fixed in: 3.17.2; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-32105; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 82b4feb29bbf; Credits: Le Ngoc Anh; Required...

7.1 CVSS | 5.6 AI score | 0.00104 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2023/05/03 12:0 a.m. | 8 views

WordPress FV Flowplayer Video Player Plugin <= 7.5.32.7212 is vulnerable to Cross Site Scripting (XSS)

Software: FV Flowplayer Video Player; Type: Plugin; Vulnerable versions: <= 7.5.32.7212; Fixed in: 7.5.35.7212; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-30499; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 08f2f9dc3464...

7.1 CVSS | 5.6 AI score | 0.00109 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2023/05/03 12:0 a.m. | 8 views

WordPress Albo Pretorio Online Plugin <= 4.6.3 is vulnerable to Cross Site Scripting (XSS)

Software: Albo Pretorio Online; Type: Plugin; Vulnerable versions: <= 4.6.3; Fixed in: 4.6.4; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-32109; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 17b880fb4602; Credits: Phd; Required...

7.1 CVSS | 5.6 AI score | 0.00104 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2023/05/03 12:0 a.m. | 10 views

WordPress Ko-fi Button Plugin < 1.3.3 is vulnerable to Cross Site Scripting (XSS)

Software: Ko-fi Button; Type: Plugin; Vulnerable versions: < 1.3.3; Fixed in: 1.3.3; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-2254; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: af182fbd1aaa; Credits: Felipe Restrepo Rodriguez...

4.8 CVSS | 5.7 AI score | 0.00095 EPSS
Exploits: 2 | References: 4 | Affected Software: 1
Patchstack
added 2023/05/03 12:0 a.m. | 12 views

WordPress YARPP Plugin < 5.30.3 is vulnerable to SQL Injection

Software: YARPP; Type: Plugin; Vulnerable versions: < 5.30.3; Fixed in: 5.30.3; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-0579; Patch priority: High; CVSS severity: High 8.5; Developer: Claim ownership; PSID: 014062b014de; Credits: Erwan LR WPScan; Required privilege: Subscriber; Published: 3...

8.8 CVSS | 6.7 AI score | 0.00347 EPSS
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack
added 2023/05/03 12:0 a.m. | 9 views

WordPress Tiempo.com Plugin <= 0.1.2 is vulnerable to Cross Site Scripting (XSS)

Software: Tiempo.com; Type: Plugin; Vulnerable versions: <= 0.1.2; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-2272; Patch priority: High; CVSS severity: High 7.1; Developer: Claim ownership; PSID: 05252127f46c; Credits: Erwan LR WPScan; Required...

6.1 CVSS | 5.6 AI score | 0.1415 EPSS
Exploits: 2 | References: 2 | Affected Software: 1
Patchstack
added 2023/05/03 12:0 a.m. | 7 views

WordPress Library Viewer Plugin <= 2.0.6 is vulnerable to Cross Site Scripting (XSS)

Software: Library Viewer; Type: Plugin; Vulnerable versions: <= 2.0.6; Fixed in: 2.0.6.1; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-32102; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: 0ff4626c41da; Credits: Mika; Required...

6.5 CVSS | 5.6 AI score | 0.00097 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2023/05/03 12:0 a.m. | 8 views

WordPress URL Params Plugin < 2.5 is vulnerable to Cross Site Scripting (XSS)

Software: URL Params; Type: Plugin; Vulnerable versions: < 2.5; Fixed in: 2.5; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-0274; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: c07bdc476562; Credits: Lana Codes; Required privilege...

5.4 CVSS | 5.6 AI score | 0.00161 EPSS
Exploits: 2 | References: 4 | Affected Software: 1
Patchstack
added 2023/05/03 12:0 a.m. | 11 views

WordPress JupiterX Theme <= 3.0.0 is vulnerable to Local File Inclusion

Software: JupiterX; Type: Theme; Vulnerable versions: <= 3.0.0; Fixed in: 3.1.0; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2023-32110; Patch priority: High; CVSS severity: High 7.6; Developer: Claim ownership; PSID: 5d8f9e2208af; Credits: Rafie Muhammad Patchstack; Required privilege...

8.8 CVSS | 6.8 AI score | 0.00637 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2023/05/02 12:0 a.m. | 11 views

WordPress Advanced Custom Fields PRO Plugin < 6.1.0 is vulnerable to PHP Object Injection

Software: Advanced Custom Fields PRO; Type: Plugin; Vulnerable versions: < 6.1.0; Fixed in: 6.1.0; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2023-1196; Patch priority: Medium; CVSS severity: Medium 4.9; Developer: Claim ownership; PSID: 322be262bcd9; Credits: Nguyen Huu Do; Required...

8.8 CVSS | 6.7 AI score | 0.01087 EPSS
Exploits: 3 | References: 2 | Affected Software: 1