3398 matches found
WordPress MyCryptoCheckout Plugin < 2.124 is vulnerable to Cross Site Scripting (XSS)
Software: MyCryptoCheckout; Type: Plugin; Vulnerable versions: < 2.124; Fixed in: 2.124; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-1546; Patch priority: High; CVSS severity: High 7.1; PSID: b58e27663e61; Credits: Pablo Sanchez; Required...
WordPress ShiftController Employee Shift Scheduling Plugin <= 4.9.25 is vulnerable to Cross Site Scripting (XSS)
Software: ShiftController Employee Shift Scheduling; Type: Plugin; Vulnerable versions: <= 4.9.25; Fixed in: 4.9.26; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-1978; Patch priority: High; CVSS severity: High 7.1; PSID: dde7717ec078...
WordPress Drag and Drop Multiple File Upload PRO Plugin < 5.0.6.4 is vulnerable to Cross Site Scripting (XSS)
Software: Drag and Drop Multiple File Upload PRO; Type: Plugin; Vulnerable versions: < 5.0.6.4; Fixed in: 5.0.6.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-1282; Patch priority: High; CVSS severity: High 7.1; PSID: 21c6dea8a7cd; Credi...
WordPress Blogger Buzz Theme <= 1.2.2 is vulnerable to Broken Access Control
Software: Blogger Buzz; Type: Theme; Vulnerable versions: <= 1.2.2; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-30476; Patch priority: Medium; CVSS severity: Medium 4.3; PSID: b1de090398f6; Credits: Dave Jong Patchstack; Required...
WordPress FooGallery Plugin <= 2.2.35 is vulnerable to Cross Site Scripting (XSS)
Software: FooGallery; Type: Plugin; Vulnerable versions: <= 2.2.35; Fixed in: 2.2.41; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-29439; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 6955856030c5; Credits: LOURCODE; Required...
WordPress SupportCandy Plugin < 3.1.5 is vulnerable to SQL Injection
Software: SupportCandy; Type: Plugin; Vulnerable versions: < 3.1.5; Fixed in: 3.1.5; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-1730; Patch priority: High; CVSS severity: High 9.3; PSID: 07f317999cc8; Credits: dc11; Required privilege: Unauthenticated; Published: 13...
WordPress Download Manager Plugin 5.0.0-6.2.9 is vulnerable to Sensitive Data Exposure
Software: Download Manager; Type: Plugin; Vulnerable versions: 5.0.0-6.2.9; Fixed in: 6.3.0; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2023-1809; Patch priority: Low; CVSS severity: Low 5.3; PSID: 59ef71547191; Credits: Johan Kragt; Required...
WordPress Product Catalog Feed by PixelYourSite Plugin < 2.1.1 is vulnerable to Cross Site Scripting (XSS)
Software: Product Catalog Feed by PixelYourSite; Type: Plugin; Vulnerable versions: < 2.1.1; Fixed in: 2.1.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-1805; Patch priority: High; CVSS severity: High 7.1; PSID: e27f0a1e6a1c; Credits...
WordPress Square Theme <= 2.0.0 is vulnerable to Broken Access Control
Software: Square; Type: Theme; Vulnerable versions: <= 2.0.0; Fixed in: 2.0.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-30486; Patch priority: Low; CVSS severity: Low 4.3; PSID: 6813b5262bc4; Credits: Dave Jong Patchstack; Required privilege...
WordPress Waiting: One-click countdowns Plugin <= 0.6.2 is vulnerable to SQL Injection
Software: Waiting: One-click countdowns; Type: Plugin; Vulnerable versions: <= 0.6.2; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-28659; Patch priority: High; CVSS severity: High 8.5; PSID: bd389c037bcc; Credits: Joshua Martinelle Tenable Research...
WordPress Forminator Plugin <= 1.22.1 is vulnerable to Broken Access Control
Software: Forminator; Type: Plugin; Vulnerable versions: <= 1.22.1; Fixed in: 1.23.3; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: N/A; Patch priority: Medium; CVSS severity: Medium 5.4; Developer: WPMU DEV; PSID: 38229dd9fbd0; Credits: Unknown; Required privilege: Subscriber...
WordPress Pricing Tables For WPBakery Page Builder Plugin < 3.0 is vulnerable to Cross Site Scripting (XSS)
Software: Pricing Tables For WPBakery Page Builder; Type: Plugin; Vulnerable versions: < 3.0; Fixed in: 3.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0367; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 3359d5d482fd; Credits...
WordPress Slimstat Analytics Plugin < 4.9.4 is vulnerable to SQL Injection
Software: Slimstat Analytics; Type: Plugin; Vulnerable versions: < 4.9.4; Fixed in: 4.9.4; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: N/A; Patch priority: High; CVSS severity: High 8.5; PSID: 15c6f41fc9e5; Credits: PluginVulnerabilities; Required privilege: Subscriber...
WordPress Meta Slider Plugin <= 3.29.0 is vulnerable to Cross Site Scripting (XSS)
Software: Meta Slider; Type: Plugin; Vulnerable versions: <= 3.29.0; Fixed in: 3.29.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-1473; Patch priority: High; CVSS severity: High 7.1; PSID: da45ef75e742; Credits: Erwan LR WPScan; Required...
WordPress Video Central Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)
Software: Video Central; Type: Plugin; Vulnerable versions: <= 1.3.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0418; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 6114cbd9fcb5; Credits: Lana Codes; Required...
WordPress Zyrex Popup Plugin <= 1.0 is vulnerable to Arbitrary File Upload
Software: Zyrex Popup; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: 1.1; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2023-0924; Patch priority: Low; CVSS severity: Low 9.1; PSID: 902b3bcce78c; Credits: Yogesh Verma; Required privilege: Administrator...
WordPress MS-Reviews Plugin <= 1.5 is vulnerable to Cross Site Scripting (XSS)
Software: MS-Reviews; Type: Plugin; Vulnerable versions: <= 1.5; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0424; Patch priority: High; CVSS severity: High 6.5; PSID: 3c9df93ac5de; Credits: Rio Darmawan; Required privilege...
WordPress PowerPress Podcasting Plugin <= 10.0 is vulnerable to Cross Site Scripting (XSS)
Software: PowerPress Podcasting; Type: Plugin; Vulnerable versions: <= 10.0; Fixed in: 10.0.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-1917; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 2e844f252ce9; Credits: Alex Thomas...
WordPress WordPress Meta Data and Taxonomies Filter (MDTF) Plugin < 1.3.1 is vulnerable to Cross Site Scripting (XSS)
Software: WordPress Meta Data and Taxonomies Filter (MDTF); Type: Plugin; Vulnerable versions: < 1.3.1; Fixed in: 1.3.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-28664; Patch priority: High; CVSS severity: High 7.1; PSID: 65753b42e2e6...
WordPress Gallery Plugin < 4.7.0 is vulnerable to SQL Injection
Software: Gallery; Type: Plugin; Vulnerable versions: < 4.7.0; Fixed in: 4.7.0; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-0765; Patch priority: High; CVSS severity: High 8.5; PSID: 85ca584ad7e5; Credits: dc11; Required privilege: Author; Published: 12 April, 2023...