WordPress Amelia Plugin <= 1.0.75 is vulnerable to Cross Site Scripting (XSS)

Software Amelia Type Plugin Vulnerable versions = 1.0.75 Fixed in 1.0.76 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-29427 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5784c15e5a5a Credits minhtuanact Required...

WordPress Transbank Webpay REST Plugin <= 1.6.6 is vulnerable to SQL Injection

Software Transbank Webpay REST Type Plugin Vulnerable versions = 1.6.6 Fixed in 1.6.7 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-27610 Patch priority Low CVSS severity Low 5.5 Developer Claim ownership PSID d271398a2afa Credits Mika Required privilege Administrator...

WordPress WCFM Marketplace Plugin <= 3.4.12 is vulnerable to Cross Site Request Forgery (CSRF)

Software WCFM Marketplace Type Plugin Vulnerable versions = 3.4.12 Fixed in 3.5.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-4936 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 13c6dc4f50f8 Credits Chloe Chamberland...

WordPress WCFM Membership Plugin <= 2.10.0 is vulnerable to Privilege Escalation

Software WCFM Membership Type Plugin Vulnerable versions = 2.10.0 Fixed in 2.10.1 OWASP Top 10 A5: Broken Access Control Classification Privilege Escalation CVE CVE-2022-4939 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID d39bb3379dad Credits Chloe Chamberland Required...

WordPress Ajax Search Pro Plugin < 4.26.2 is vulnerable to Cross Site Scripting (XSS)

Software Ajax Search Pro Type Plugin Vulnerable versions 4.26.2 Fixed in 4.26.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1435 Patch priority High CVSS severity High 6.1 Developer Claim ownership PSID 019181a32a8a Credits Erwan LR Required...

WordPress YourChannel: Everything you want in a YouTube Plugin <= 1.2.3 is vulnerable to Broken Access Control

Software YourChannel: Everything you want in a YouTube Type Plugin Vulnerable versions = 1.2.3 Fixed in 1.2.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-1868 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID b65addd676af Credit...

WordPress Add User Role Plugin < 1.6.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software Add User Role Type Plugin Vulnerable versions 1.6.7 Fixed in 1.6.7 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-0820 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 7eb1f185c259 Credits dc11 Required privilege...

WordPress Product Enquiry for WooCommerce Plugin <= 2.2.12 is vulnerable to Cross Site Scripting (XSS)

Software Product Enquiry for WooCommerce Type Plugin Vulnerable versions = 2.2.12 Fixed in 2.2.13 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-29170 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID b43cae5ebb34 Credits Myung...

WordPress Welcome Bar Plugin <= 2.0.3 is vulnerable to Broken Access Control

Software Welcome Bar Type Plugin Vulnerable versions = 2.0.3 Fixed in 2.0.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 1616e8eeba7b Credits WordFence Required privilege Subscribe...

WordPress PropertyHive Plugin <= 1.5.46 is vulnerable to Cross Site Scripting (XSS)

Software PropertyHive Type Plugin Vulnerable versions = 1.5.46 Fixed in 1.5.47 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-29172 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1f09421dbd25 Credits minhtuanact Requir...

WordPress Conditional extra fees for woocommerce Plugin <= 1.0.96 is vulnerable to Cross Site Scripting (XSS)

Software Conditional extra fees for woocommerce Type Plugin Vulnerable versions = 1.0.96 Fixed in 1.0.97 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-29093 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 14551fbb2b7d Credit...

WordPress Easy Quiz Maker Plugin <= 1.5 is vulnerable to Cross Site Scripting (XSS)

Software Easy Quiz Maker Type Plugin Vulnerable versions = 1.5 Fixed in 2.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 43ad93965d09 Credits Unknown Required privilege...

WordPress Coupon Affiliates Plugin <= 5.4.3 is vulnerable to Cross Site Scripting (XSS)

Software Coupon Affiliates Type Plugin Vulnerable versions = 5.4.3 Fixed in 5.4.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-28992 Patch priority Medium CVSS severity Medium 7.1 Developer RelyWP PSID 3cc060340a7c Credits thiennv Required privile...

WordPress Really Simple Google Tag Manager Plugin <= 1.0.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software Really Simple Google Tag Manager Type Plugin Vulnerable versions = 1.0.6 Fixed in 1.0.7 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-23801 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0e8a9934df4f Credits...

WordPress Viral Mag Theme <= 1.0.9 is vulnerable to Broken Authentication

Software Viral Mag Type Theme Vulnerable versions = 1.0.9 Fixed in 1.1.0 OWASP Top 10 A2: Broken Authentication Classification Broken Authentication CVE CVE-2023-28990 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID b28f73fc2c08 Credits Dave Jong Patchstack Required...

WordPress Zippy Plugin <= 1.6.1 is vulnerable to Sensitive Data Exposure

Software Zippy Type Plugin Vulnerable versions = 1.6.1 Fixed in 1.6.2 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-26533 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 652b24a2c5be Credits Junsu Yeo Required privilege...

WordPress Gift Vouchers Plugin <= 4.3.2 is vulnerable to SQL Injection

Software Gift Vouchers Type Plugin Vulnerable versions = 4.3.2 Fixed in 4.3.3 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-28662 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 00c7c58f5f8a Credits Joshua Martinelle Required privilege...

WordPress TF Random Numbers Plugin < 2.0.1 is vulnerable to Broken Access Control

Software TF Random Numbers Type Plugin Vulnerable versions 2.0.1 Fixed in 2.0.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0889 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 611153a666ff Credits dc11 Required privilege...

WordPress WP Meta SEO Plugin < 4.5.5 is vulnerable to Deserialization of untrusted data

Software WP Meta SEO Type Plugin Vulnerable versions 4.5.5 Fixed in 4.5.5 OWASP Top 10 A1: Injection Classification Deserialization of untrusted data CVE CVE-2023-1381 Patch priority Medium CVSS severity Medium 6.6 Developer Claim ownership PSID 9880ffba76ab Credits Alex Sanford Required privileg...

WordPress HappyFiles Pro Plugin <= 1.8.1 is vulnerable to Broken Access Control

Software HappyFiles Pro Type Plugin Vulnerable versions = 1.8.1 Fixed in 1.8.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-25445 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 518a5cea4b57 Credits Dave Jong Patchstack...