3398 matches found
WordPress PhonePe Payment Solutions Plugin <= 1.0.15 is vulnerable to Server Side Request Forgery (SSRF)
Software: PhonePe Payment Solutions | Type: Plugin | Vulnerable versions: <= 1.0.15 | Fixed in: 2.0.0 | OWASP Top 10: A1: Injection | Classification: Server Side Request Forgery (SSRF) | CVE: CVE-2022-45835 | Patch priority: Medium | CVSS severity: Medium 5.8 | PSID: 91a25d420946 | Credits: Aman Rawat...
WordPress UpdraftPlus Plugin <= 1.22.24 is vulnerable to Sensitive Data Exposure
Software: UpdraftPlus | Type: Plugin | Vulnerable versions: <= 1.22.24 | Fixed in: 1.23.1 | OWASP Top 10: A5: Broken Access Control | Classification: Sensitive Data Exposure | CVE: N/A | Patch priority: Medium | CVSS severity: Medium 4.3 | PSID: 8fed8919edba | Credits: Unknown | Required privilege...
WordPress Popup box Plugin <= 3.4.4 is vulnerable to Cross Site Scripting (XSS)
Software: Popup box | Type: Plugin | Vulnerable versions: <= 3.4.4 | Fixed in: 3.4.5 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-27414 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: 356c29098000 | Credits: Nguyen Xuan Chien...
WordPress Postmatic Plugin < 2.2.10 is vulnerable to PHP Object Injection
Software: Postmatic | Type: Plugin | Vulnerable versions: < 2.2.10 | Fixed in: 2.2.10 | OWASP Top 10: A1: Injection | Classification: PHP Object Injection | CVE: CVE-2022-4265 | Patch priority: High | CVSS severity: High 7.4 | PSID: 96f8ea22622f | Credits: Lana Codes | Required privilege: Subscriber...
WordPress WooCommerce Checkout Field Manager Plugin < 18.0 is vulnerable to Arbitrary File Upload
Software: WooCommerce Checkout Field Manager | Type: Plugin | Vulnerable versions: < 18.0 | Fixed in: 18.0 | OWASP Top 10: A1: Injection | Classification: Arbitrary File Upload | CVE: CVE-2022-4328 | Patch priority: High | CVSS severity: High 10 | PSID: 8dcb3ac5c4ef | Credits: cydave | Required privilege...
WordPress Shortcodes Ultimate Plugin < 5.12.8 is vulnerable to Sensitive Data Exposure
Software: Shortcodes Ultimate | Type: Plugin | Vulnerable versions: < 5.12.8 | Fixed in: 5.12.8 | OWASP Top 10: A3: Sensitive Data Exposure | Classification: Sensitive Data Exposure | CVE: CVE-2023-0911 | Patch priority: Low | CVSS severity: Low 4.3 | PSID: 466e8901614e | Credits: Erwan LR WPScan | Requir...
WordPress Smart Slider 3 Plugin < 3.5.1.14 is vulnerable to Cross Site Scripting (XSS)
Software: Smart Slider 3 | Type: Plugin | Vulnerable versions: < 3.5.1.14 | Fixed in: 3.5.1.14 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-0660 | Patch priority: Medium | CVSS severity: Medium 6.5 | PSID: 008134aaa2eb | Credits: Erwan LR WPScan...
WordPress HT Slider For Elementor Plugin < 1.4.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: HT Slider For Elementor | Type: Plugin | Vulnerable versions: < 1.4.0 | Fixed in: 1.4.0 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2023-0495 | Patch priority: Low | CVSS severity: Low 4.3 | PSID: fea57db2be31 | Credits: Lana Codes...
WordPress HT Portfolio Plugin <= 1.1.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software: HT Portfolio | Type: Plugin | Vulnerable versions: <= 1.1.5 | Fixed in: 1.1.6 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2023-0497 | Patch priority: Low | CVSS severity: Low 4.3 | PSID: 3421d1e706d1 | Credits: Lana Codes | Required...
WordPress DecaLog Plugin <= 3.7.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: DecaLog | Type: Plugin | Vulnerable versions: <= 3.7.0 | Fixed in: 3.7.1 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2023-27444 | Patch priority: Low | CVSS severity: Low 4.3 | Developer: PerfOps One | PSID: 721ad967e10d | Credits: Mika | Required privilege...
WordPress Namaste! LMS Plugin < 2.6 is vulnerable to Cross Site Scripting (XSS)
Software: Namaste! LMS | Type: Plugin | Vulnerable versions: < 2.6 | Fixed in: 2.6 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-0844 | Patch priority: Low | CVSS severity: Low 5.9 | PSID: 5f40301e0581 | Credits: Alex Sanford | Required privilege...
WordPress Resume Builder Plugin <= 3.1.1 is vulnerable to Cross Site Scripting (XSS)
Software: Resume Builder | Type: Plugin | Vulnerable versions: <= 3.1.1 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-0078 | Patch priority: High | CVSS severity: High 6.5 | PSID: 20cd873c2df4 | Credits: Lana Codes | Required...
WordPress Download Attachments Plugin <= 1.2.24 is vulnerable to Cross Site Scripting (XSS)
Software: Download Attachments | Type: Plugin | Vulnerable versions: <= 1.2.24 | Fixed in: 1.3 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-0076 | Patch priority: Medium | CVSS severity: Medium 6.5 | PSID: d4020e1c310d | Credits: Lana Codes...
WordPress Total Poll Lite Plugin <= 4.8.6 is vulnerable to Broken Access Control
Software: Total Poll Lite | Type: Plugin | Vulnerable versions: <= 4.8.6 | Fixed in: 4.8.7 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2023-27449 | Patch priority: Medium | CVSS severity: Medium 6.3 | PSID: 02f4127c29b8 | Credits: Mika | Required privilege...
WordPress Admin CSS MU Plugin <= 2.6 is vulnerable to Server Side Request Forgery (SSRF)
Software: Admin CSS MU | Type: Plugin | Vulnerable versions: <= 2.6 | Fixed in: 2.7 | OWASP Top 10: A1: Injection | Classification: Server Side Request Forgery (SSRF) | CVE: CVE-2022-40700 | Patch priority: Low | CVSS severity: Low 8.2 | PSID: f8576e8732f6 | Credits: Dave Jong Patchstack | Required privile...
WordPress UpQode Google Maps Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS)
Software: UpQode Google Maps | Type: Plugin | Vulnerable versions: <= 1.0.5 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-0094 | Patch priority: Medium | CVSS severity: Medium 6.5 | PSID: 983dbcd3ed03 | Credits: Lana Codes | Requir...
WordPress Advanced Recent Posts Plugin <= 0.6.14 is vulnerable to Cross Site Scripting (XSS)
Software: Advanced Recent Posts | Type: Plugin | Vulnerable versions: <= 0.6.14 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-0212 | Patch priority: Medium | CVSS severity: Medium 6.5 | PSID: 40ae855e2918 | Credits: Lana Codes...
WordPress Manage Upload Limit Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)
Software: Manage Upload Limit | Type: Plugin | Vulnerable versions: <= 1.0.4 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-27432 | Patch priority: High | CVSS severity: High 7.1 | PSID: 123b5c238ef2 | Credits: Mahesh Nagabhairava...
WordPress Synved Shortcodes Plugin <= 1.6.36 is vulnerable to Cross Site Scripting (XSS)
Software: Synved Shortcodes | Type: Plugin | Vulnerable versions: <= 1.6.36 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-0063 | Patch priority: Medium | CVSS severity: Medium 6.5 | PSID: 97249fb0c45f | Credits: Lana Codes | Requir...
WordPress Elegant Custom Fonts Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Elegant Custom Fonts | Type: Plugin | Vulnerable versions: <= 1.0 | Fixed in: 1.0.1 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2023-27436 | Patch priority: Low | CVSS severity: Low 5.4 | PSID: e6a5548377b4 | Credits: Rio Darmawan...