WordPress Ebook Store Plugin <= 5.775 is vulnerable to Broken Authentication

Software Ebook Store Type Plugin Vulnerable versions = 5.775 Fixed in 5.78 OWASP Top 10 A5: Broken Access Control Classification Broken Authentication CVE CVE-2023-22701 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID eb6c903602b9 Credits yuyudhn Required privilege...

WordPress WP Docs Plugin <= 1.9.8 is vulnerable to Broken Access Control

Software WP Docs Type Plugin Vulnerable versions = 1.9.8 Fixed in 1.9.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-30873 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 3a97e9d9d358 Credits István Márton Required privilege...

WordPress Album Gallery – WordPress Gallery Plugin <= 1.4.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software Album Gallery – WordPress Gallery Type Plugin Vulnerable versions = 1.4.9 Fixed in 1.5.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-23646 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 043c2f9c9d2e Credits...

WordPress Pearl Plugin <= 1.3.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Pearl Type Plugin Vulnerable versions = 1.3.4 Fixed in 1.3.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-38356 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 294baad52683 Credits István Márton Required...

WordPress vSlider Multi Image Slider for WordPress Plugin <= 4.1.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software vSlider Multi Image Slider for WordPress Type Plugin Vulnerable versions = 4.1.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-22672 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ebfb8daaae94...

WordPress Shortcode IMDB Plugin <= 6.0.8 is vulnerable to SQL Injection

Software Shortcode IMDB Type Plugin Vulnerable versions = 6.0.8 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2022-47432 Patch priority Low CVSS severity Low 6.7 Developer Claim ownership PSID 90dd9be6ea07 Credits minhtuanact Required privilege Administrator Publish...

WordPress Table & Contact Form 7 Database – Tablesome Plugin < 1.0.9 is vulnerable to Cross Site Scripting (XSS)

Software Table & Contact Form 7 Database – Tablesome Type Plugin Vulnerable versions 1.0.9 Fixed in 1.0.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1890 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 33f0514f48a5...

WordPress Google Analytics Top Content Widget Plugin <= 1.5.5 is vulnerable to Cross Site Scripting (XSS)

Software Google Analytics Top Content Widget Type Plugin Vulnerable versions = 1.5.5 Fixed in 1.5.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2015-10101 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 218b418ba3dd Credits...

WordPress BBSpoiler Plugin <= 2.01 is vulnerable to Cross Site Scripting (XSS)

Software BBSpoiler Type Plugin Vulnerable versions = 2.01 Fixed in 2.02 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23873 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4a837c2affda Credits István Márton Required privileg...

WordPress Photo Gallery by 10Web Plugin < 1.8.15 is vulnerable to Directory Traversal

Software Photo Gallery by 10Web Type Plugin Vulnerable versions 1.8.15 Fixed in 1.8.15 OWASP Top 10 A6: Security Misconfiguration Classification Directory Traversal CVE CVE-2023-1427 Patch priority Low CVSS severity Low 6.8 Developer Claim ownership PSID f915d3bc46f4 Credits Nguyen Huu Do Require...

WordPress Kaya QR Code Generator Plugin <= 1.5.2 is vulnerable to Cross Site Scripting (XSS)

Software Kaya QR Code Generator Type Plugin Vulnerable versions = 1.5.2 Fixed in 1.5.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-30784 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e6805ca51cf5 Credits Mika Required...

WordPress Accordion & FAQ – Helpie WordPress Accordion FAQ Plugin Plugin <= 1.9.6 is vulnerable to Cross Site Scripting (XSS)

Software Accordion & FAQ – Helpie WordPress Accordion FAQ Plugin Type Plugin Vulnerable versions = 1.9.6 Fixed in 1.9.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID a01091ed9aa2...

WordPress YellowPencil Visual CSS Style Editor Plugin <= 7.5.8 is vulnerable to Cross Site Scripting (XSS)

Software YellowPencil Visual CSS Style Editor Type Plugin Vulnerable versions = 7.5.8 Fixed in 7.5.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-33961 Patch priority Low CVSS severity Low 4 Developer Claim ownership PSID 3f9f31524979 Credits...

WordPress Photo Gallery by 10Web Plugin < 1.8.3 is vulnerable to Cross Site Scripting (XSS)

Software Photo Gallery by 10Web Type Plugin Vulnerable versions 1.8.3 Fixed in 1.8.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4058 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ee71d42f5999 Credits Krzysztof Zając...

WordPress Smart WooCommerce Search Plugin <= 2.5.0 is vulnerable to Broken Access Control

Software Smart WooCommerce Search Type Plugin Vulnerable versions = 2.5.0 Fixed in 2.5.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-30783 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 62fafaa98313 Credits István Márton Requir...

WordPress Vimeotheque Plugin <= 2.2.1 is vulnerable to Cross Site Scripting (XSS)

Software Vimeotheque Type Plugin Vulnerable versions = 2.2.1 Fixed in 2.2.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-30498 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 8e144c67d6a8 Credits Ivy TOOR, LISA Requir...

WordPress Blocksy Companion Plugin < 1.8.82 is vulnerable to Sensitive Data Exposure

Software Blocksy Companion Type Plugin Vulnerable versions 1.8.82 Fixed in 1.8.82 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-1911 Patch priority Medium CVSS severity Medium 4.3 Developer Creative Themes PSID a9848e95cc61 Credits Erwan LR WPScan...

WordPress Limit Login Attempts Plugin <= 1.7.1 is vulnerable to Cross Site Scripting (XSS)

Software Limit Login Attempts Type Plugin Vulnerable versions = 1.7.1 Fixed in 1.7.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1861 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID fec01c1cd5c8 Credits Marc-Alexandre...

WordPress ZM Ajax Login & Register Plugin <= 2.0.2 is vulnerable to Broken Authentication

Software ZM Ajax Login & Register Type Plugin Vulnerable versions = 2.0.2 Fixed in N/A OWASP Top 10 A2: Broken Authentication Classification Broken Authentication CVE CVE-2023-2027 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID a7a84ea1c32d Credits Lana Codes Required...

WordPress Quiz And Survey Master Plugin <= 8.1.4 is vulnerable to SQL Injection

Software Quiz And Survey Master Type Plugin Vulnerable versions = 8.1.4 Fixed in 8.1.5 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-28787 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 34ea65c01c78 Credits Rafie Muhammad Patchstack Required...