WordPress Darcie Theme <= 1.1.5 is vulnerable to Cross Site Scripting (XSS)

Software Darcie Type Theme Vulnerable versions = 1.1.5 Fixed in 1.1.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25961 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 213da94cc277 Credits MyungJu Kim Required privilege...

WordPress Top 10 Plugin <= 3.2.4 is vulnerable to Broken Access Control

Software Top 10 Type Plugin Vulnerable versions = 3.2.4 Fixed in 3.2.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Medium CVSS severity Medium 4.3 Developer WebberZone PSID 0fa5b1c87acc Credits WordFence Required privilege Subscriber Publishe...

WordPress Zendrop – Global Dropshipping Plugin <= 1.0.0 is vulnerable to Arbitrary File Upload

Software Zendrop – Global Dropshipping Type Plugin Vulnerable versions = 1.0.0 Fixed in 1.0.1 OWASP Top 10 A2: Broken Authentication Classification Arbitrary File Upload CVE CVE-2023-25970 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 180f30af21a8 Credits Dave Jong...

WordPress Apollo13 Framework Extensions Plugin <= 1.8.10 is vulnerable to Broken Access Control

Software Apollo13 Framework Extensions Type Plugin Vulnerable versions = 1.8.10 Fixed in 1.9.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-25959 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID e663c34e63b0 Credits István Márton...

WordPress YouTube Channel Plugin <= 3.23.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software YouTube Channel Type Plugin Vulnerable versions = 3.23.3 Fixed in 3.23.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25987 Patch priority Low CVSS severity Low 4.3 Developer Aleksandar Urošević PSID fad79021f069 Credits Mika Required...

WordPress CPT – Speakers Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)

Software CPT – Speakers Type Plugin Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25977 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 3e1184654a6a Credits Mahesh Nagabhairava Required...

WordPress WP Meta SEO Plugin <= 4.5.2 is vulnerable to SQL Injection

Software WP Meta SEO Type Plugin Vulnerable versions = 4.5.2 Fixed in 4.5.3 OWASP Top 10 A1: Injection Classification SQL Injection CVE N/A Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID ed22c0b021d4 Credits WordFence Required privilege Subscriber Published 23 February,...

WordPress CM Answers Plugin <= 3.1.9 is vulnerable to Cross Site Scripting (XSS)

Software CM Answers Type Plugin Vulnerable versions = 3.1.9 Fixed in 3.2.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25992 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID ea97458a6a8c Credits MyungJu Kim Required privile...

WordPress Redirect Redirection Plugin <= 1.1.3 is vulnerable to Broken Access Control

Software Redirect Redirection Type Plugin Vulnerable versions = 1.1.3 Fixed in 1.1.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority High CVSS severity High 6.3 Developer Claim ownership PSID acc4d402d165 Credits WordFence Required privilege...

WordPress Hero Banner Ultimate Plugin <= 1.3.4 is vulnerable to Cross Site Scripting (XSS)

Software Hero Banner Ultimate Type Plugin Vulnerable versions = 1.3.4 Fixed in 1.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-45818 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f00bc682c547 Credits thiennv Required...

WordPress Markup (JSON-LD) structured in schema.org Plugin <= 4.8.1 is vulnerable to Cross Site Scripting (XSS)

Software Markup JSON-LD structured in schema.org Type Plugin Vulnerable versions = 4.8.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4666 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID f683250d0657...

WordPress ProfilePress Plugin <= 4.5.4 is vulnerable to Cross Site Scripting (XSS)

Software ProfilePress Type Plugin Vulnerable versions = 4.5.4 Fixed in 4.5.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23830 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b724881f96bc Credits Rafie Muhammad...

WordPress Read More Excerpt Link Plugin <= 1.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software Read More Excerpt Link Type Plugin Vulnerable versions = 1.6 Fixed in 1.6.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-26011 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 838704e6067f Credits Mika Required...

WordPress Protected Posts Logout Button Plugin <= 1.4.5 is vulnerable to Broken Access Control

Software Protected Posts Logout Button Type Plugin Vulnerable versions = 1.4.5 Fixed in 1.4.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-25454 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 524d5fc86c25 Credits yuyudhn Require...

WordPress Stock market charts from finviz Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software Stock market charts from finviz Type Plugin Vulnerable versions = 1.0.1 Fixed in 1.0.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23809 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 206bbc36367f Credits Rio...

WordPress Visualizer Plugin <= 3.9.4 is vulnerable to Cross Site Scripting (XSS)

Software Visualizer Type Plugin Vulnerable versions = 3.9.4 Fixed in 3.9.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23708 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d0daddcc471b Credits Rafshanzani Suhada Required...

WordPress Quiz And Survey Master Plugin <= 8.0.8 is vulnerable to Arbitrary Content Deletion

Software Quiz And Survey Master Type Plugin Vulnerable versions = 8.0.8 Fixed in 8.0.9 OWASP Top 10 A5: Broken Access Control Classification Arbitrary Content Deletion CVE CVE-2023-0291 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 5e9a3307d184 Credits Julien Ahrens...

WordPress Zeno Font Resizer Plugin <= 1.7.9 is vulnerable to Cross Site Scripting (XSS)

Software Zeno Font Resizer Type Plugin Vulnerable versions = 1.7.9 Fixed in 1.8.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25442 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 9818bffc879d Credits Rio Darmawan Required...

WordPress Scriptless Social Sharing Plugin < 3.2.2 is vulnerable to Cross Site Scripting (XSS)

Software Scriptless Social Sharing Type Plugin Vulnerable versions 3.2.2 Fixed in 3.2.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0377 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID ac2027e820d0 Credits Lana Codes...

WordPress Get URL Cron Plugin <= 1.4.7 is vulnerable to Broken Access Control

Software Get URL Cron Type Plugin Vulnerable versions = 1.4.7 Fixed in 1.4.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID ed2c1394cbbb Credits Rio Darmawan Required privilege...