3398 matches found
WordPress Cookie Notice & Compliance for GDPR / CCPA Plugin <= 2.4.6 is vulnerable to Cross Site Scripting (XSS)
Software: Cookie Notice & Compliance for GDPR / CCPA; Type: Plugin; Vulnerable versions: <= 2.4.6; Fixed in: 2.4.7; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-24400; Patch priority: Low; CVSS severity: Low 6.5; PSID: 8398d2893fb7...
WordPress Real Estate 7 Theme <= 3.3.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Real Estate 7; Type: Theme; Vulnerable versions: <= 3.3.4; Fixed in: 3.3.5; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: N/A; Patch priority: Low; CVSS severity: Low 4.3; PSID: 17be44a53b30; Credits: RE-ALTER; Required privilege...
WordPress Real Estate 7 Theme <= 3.3.4 is vulnerable to Cross Site Scripting (XSS)
Software: Real Estate 7; Type: Theme; Vulnerable versions: <= 3.3.4; Fixed in: 3.3.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: N/A; Patch priority: High; CVSS severity: High 7.1; PSID: af68aef80259; Credits: RE-ALTER; Required privilege...
WordPress WP SMS Plugin <= 6.0.4 is vulnerable to Sensitive Data Exposure
Software: WP SMS; Type: Plugin; Vulnerable versions: <= 6.0.4; Fixed in: 6.0.4.1; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2023-27447; Patch priority: Medium; CVSS severity: Medium 5.3; PSID: d5718eb41b4b; Credits: Jarko Piironen; Required...
WordPress DeepL Pro API translation Plugin <= 2.1.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: DeepL Pro API translation; Type: Plugin; Vulnerable versions: <= 2.1.4; Fixed in: 2.1.5; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-27446; Patch priority: Low; CVSS severity: Low 4.3; PSID: 6431a2bd8a82; Credits: Mika...
WordPress JCH Optimize Plugin <= 3.2.2 is vulnerable to Cross Site Scripting (XSS)
Software: JCH Optimize; Type: Plugin; Vulnerable versions: <= 3.2.2; Fixed in: 3.2.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-25491; Patch priority: Low; CVSS severity: Low 5.9; PSID: 0051eec0a90c; Credits: Rio Darmawan; Required...
WordPress OAuth Server Plugin < 4.3.0 is vulnerable to Broken Access Control
Software: OAuth Server; Type: Plugin; Vulnerable versions: < 4.3.0; Fixed in: 4.3.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2022-4148; Patch priority: Medium; CVSS severity: Medium 5.4; PSID: 20d9eb3b6ea8; Credits: Lana Codes; Required privilege...
WordPress WC Sales Notification Plugin < 1.2.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WC Sales Notification; Type: Plugin; Vulnerable versions: < 1.2.3; Fixed in: 1.2.3; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-1087; Patch priority: Low; CVSS severity: Low 4.3; PSID: 359b32e62cb7; Credits: WPScan; Required...
WordPress ProfileGrid Plugin < 5.3.1 is vulnerable to Broken Access Control
Software: ProfileGrid; Type: Plugin; Vulnerable versions: < 5.3.1; Fixed in: 5.3.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-0940; Patch priority: High; CVSS severity: High 7.1; PSID: 0809f414e629; Credits: dc11; Required privilege: Subscriber...
WordPress Paid Memberships Pro Plugin <= 2.9.11 is vulnerable to SQL Injection
Software: Paid Memberships Pro; Type: Plugin; Vulnerable versions: <= 2.9.11; Fixed in: 2.9.12; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-0631; Patch priority: High; CVSS severity: High 7.7; PSID: c680ed84c0a0; Credits: Marc Montpas; Required privilege: Subscribe...
WordPress GS Insever Portfolio Plugin < 1.4.5 is vulnerable to Cross Site Scripting (XSS)
Software: GS Insever Portfolio; Type: Plugin; Vulnerable versions: < 1.4.5; Fixed in: 1.4.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0539; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: fa5f4f60b861; Credits: Lana Codes...
WordPress Debug Assistant Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Debug Assistant; Type: Plugin; Vulnerable versions: <= 1.4; Fixed in: 1.5; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-26516; Patch priority: Low; CVSS severity: Low 8.8; PSID: 29fe448c29d4; Credits: Prasanna V Balaji...
WordPress GigPress Plugin <= 2.3.28 is vulnerable to SQL Injection
Software: GigPress; Type: Plugin; Vulnerable versions: <= 2.3.28; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-0381; Patch priority: High; CVSS severity: High 7.1; PSID: 621aa3005525; Credits: Erwan LR WPScan; Required privilege: Subscriber; Published ...
WordPress Debug Assistant Plugin <= 1.4 is vulnerable to Cross Site Scripting (XSS)
Software: Debug Assistant; Type: Plugin; Vulnerable versions: <= 1.4; Fixed in: 1.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-26527; Patch priority: Low; CVSS severity: Low 5.9; PSID: a881348f2d40; Credits: Prasanna V Balaji; Required...
WordPress WP Repost Plugin <= 0.1 is vulnerable to Broken Access Control
Software: WP Repost; Type: Plugin; Vulnerable versions: <= 0.1; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-26522; Patch priority: High; CVSS severity: High 6.5; PSID: c4bf9e1aa104; Credits: Prasanna V Balaji; Required privilege...
WordPress Search in Place Plugin <= 1.0.104 is vulnerable to Other Vulnerability Type
Software: Search in Place; Type: Plugin; Vulnerable versions: <= 1.0.104; Fixed in: 1.0.105; OWASP Top 10: A5: Broken Access Control; Classification: Other Vulnerability Type; CVE: CVE-2023-26521; Patch priority: Low; CVSS severity: Low 4.3; PSID: e57d979e5122; Credits: István Márton; Required...
WordPress Coupon Zen Plugin <= 1.0.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Coupon Zen; Type: Plugin; Vulnerable versions: <= 1.0.5; Fixed in: 1.0.6; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: N/A; Patch priority: Low; CVSS severity: Low 4.3; PSID: 6059f6769c37; Credits: WordFence; Required privilege...
WordPress Simple Slug Translate Plugin <= 2.7.2 is vulnerable to Cross Site Scripting (XSS)
Software: Simple Slug Translate; Type: Plugin; Vulnerable versions: <= 2.7.2; Fixed in: 2.7.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-26515; Patch priority: Low; CVSS severity: Low 5.9; PSID: a353ffb7160f; Credits: yuyudhn; Required...
WordPress All In One SEO Pack Plugin <= 4.2.9 is vulnerable to Cross Site Scripting (XSS)
Software: All In One SEO Pack; Type: Plugin; Vulnerable versions: <= 4.2.9; Fixed in: 4.3.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0586; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 5d5ff254df57; Credits: Ivan Kuzymchak...
WordPress Dashboard Widgets Suite Plugin <= 3.2.1 is vulnerable to Cross Site Scripting (XSS)
Software: Dashboard Widgets Suite; Type: Plugin; Vulnerable versions: <= 3.2.1; Fixed in: 3.2.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-26517; Patch priority: Low; CVSS severity: Low 5.9; PSID: b0d81df240e3; Credits: Rio Darmawan...