WordPress Kraken.io Image Optimizer Plugin <= 2.6.8 is vulnerable to Broken Access Control

Software Kraken.io Image Optimizer Type Plugin Vulnerable versions = 2.6.8 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0619 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID b987322713b6 Credits Marco Wotschka -...

WordPress Jobs for WordPress Plugin <= 2.5.11.2 is vulnerable to Cross Site Scripting (XSS)

Software Jobs for WordPress Type Plugin Vulnerable versions = 2.5.11.2 Fixed in 2.6.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-44743 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 9031f3e3273b Credits thiennv Required...

WordPress 1003 Mortgage Application Plugin <= 1.75 is vulnerable to Arbitrary File Download

Software 1003 Mortgage Application Type Plugin Vulnerable versions = 1.75 Fixed in 1.80 OWASP Top 10 A5: Broken Access Control Classification Arbitrary File Download CVE CVE-2022-45368 Patch priority High CVSS severity High 7.7 Developer Claim ownership PSID 541a2fe842ed Credits Rodrigo Escobar...

WordPress Multi Rating Plugin <= 5.0.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software Multi Rating Type Plugin Vulnerable versions = 5.0.5 Fixed in 5.0.6 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47443 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1dcbbd6b8544 Credits rezaduty Required...

WordPress Album and Image Gallery plus Lightbox Plugin <= 1.6.2 is vulnerable to Broken Access Control

Software Album and Image Gallery plus Lightbox Type Plugin Vulnerable versions = 1.6.2 Fixed in 1.6.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-25060 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID dd001a553b6f Credits Cat...

WordPress Auto Affiliate Links Plugin <= 6.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software Auto Affiliate Links Type Plugin Vulnerable versions = 6.3 Fixed in 6.3.0.1 OWASP Top 10 A8: Cross Site Request Forgery CSRF Classification Cross Site Request Forgery CSRF CVE CVE-2023-22689 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 6689a92a0421 Credits...

WordPress Posts and Users Stats Plugin <= 1.1.3 is vulnerable to CSV Injection

Software Posts and Users Stats Type Plugin Vulnerable versions = 1.1.3 Fixed in 1.1.4 OWASP Top 10 A1: Injection Classification CSV Injection CVE CVE-2022-44738 Patch priority Low CVSS severity Low 5.8 Developer Claim ownership PSID adb9c8d12136 Credits Mika Required privilege Subscriber Publishe...

WordPress ShortPixel Adaptive Images Plugin < 3.6.3 is vulnerable to Cross Site Scripting (XSS)

Software ShortPixel Adaptive Images Type Plugin Vulnerable versions 3.6.3 Fixed in 3.6.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0334 Patch priority High CVSS severity High 7.1 Developer ShortPixel PSID 58e461d9e0d8 Credits dc11 Required...

WordPress GS Portfolio for Envato Plugin < 1.4.0 is vulnerable to Cross Site Scripting (XSS)

Software GS Portfolio for Envato Type Plugin Vulnerable versions 1.4.0 Fixed in 1.4.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0559 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID abe3328dc56e Credits István Márto...

WordPress Easy Digital Downloads Plugin < 3.1.0.5 is vulnerable to Cross Site Scripting (XSS)

Software Easy Digital Downloads Type Plugin Vulnerable versions 3.1.0.5 Fixed in 3.1.0.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0380 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 553ace90a817 Credits István...

WordPress GS Books Showcase Plugin < 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Software GS Books Showcase Type Plugin Vulnerable versions 1.3.1 Fixed in 1.3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0541 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 7768af0764d3 Credits István Márton...

WordPress ContentStudio Plugin < 1.2.6 is vulnerable to Other Vulnerability Type

Software ContentStudio Type Plugin Vulnerable versions 1.2.6 Fixed in 1.2.6 OWASP Top 10 A1: Injection Classification Other Vulnerability Type CVE CVE-2023-0556 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID 3749f412d25d Credits Marco Wotschka Required privilege...

WordPress ShopLentor Plugin < 2.5.4 is vulnerable to PHP Object Injection

Software ShopLentor Type Plugin Vulnerable versions 2.5.4 Fixed in 2.5.4 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-0232 Patch priority High CVSS severity High 5.4 Developer Claim ownership PSID 0065ec87acd5 Credits WPScan Required privilege Unauthenticated...

WordPress Quick Restaurant Menu Plugin <= 2.0.2 is vulnerable to Insecure Direct Object References (IDOR)

Software Quick Restaurant Menu Type Plugin Vulnerable versions = 2.0.2 Fixed in 2.1.0 OWASP Top 10 A5: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-0550 Patch priority Low CVSS severity Low 8.1 Developer Claim ownership PSID 53344b864cc7 Credits Marco...

WordPress ShopLentor Plugin < 2.5.4 is vulnerable to Cross Site Scripting (XSS)

Software ShopLentor Type Plugin Vulnerable versions 2.5.4 Fixed in 2.5.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0231 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID fcbadeca6ddb Credits István Márton Required...

WordPress ContentStudio Plugin < 1.2.6 is vulnerable to Bypass Vulnerability

Software ContentStudio Type Plugin Vulnerable versions 1.2.6 Fixed in 1.2.6 OWASP Top 10 A5: Broken Access Control Classification Bypass Vulnerability CVE CVE-2023-0558 Patch priority Low CVSS severity Low 7.3 Developer Claim ownership PSID 9617386e7fb6 Credits Chloe Chamberland Required privileg...

WordPress Simple Photo Gallery Plugin <= v1.8.1 is vulnerable to SQL Injection

Software Simple Photo Gallery Type Plugin Vulnerable versions = v1.8.1 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2022-47588 Patch priority Low CVSS severity Low 6.7 Developer Claim ownership PSID 7bcaa9fe7073 Credits minhtuanact Required privilege Administrator...

WordPress JS Help Desk – Best Help Desk & Support Plugin Plugin <= 2.7.1 is vulnerable to Settings Change

Software JS Help Desk – Best Help Desk & Support Plugin Type Plugin Vulnerable versions = 2.7.1 Fixed in 2.7.2 OWASP Top 10 A2: Broken Authentication Classification Settings Change CVE CVE-2022-46838 Patch priority High CVSS severity High 9.1 Developer Claim ownership PSID f5722521e19a Credits...

WordPress WP Table Manager Plugin <= 3.5.2 is vulnerable to Broken Access Control

Software WP Table Manager Type Plugin Vulnerable versions = 3.5.2 Fixed in 3.5.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-47601 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID dd961e3e7567 Credits Cat Required privilege...

WordPress JobBoardWP – Job Board Listings and Submissions Plugin <= 1.2.2 is vulnerable to Insecure Direct Object References (IDOR)

Software JobBoardWP – Job Board Listings and Submissions Type Plugin Vulnerable versions = 1.2.2 Fixed in 1.2.3 OWASP Top 10 A5: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-23715 Patch priority Low CVSS severity Low 5.2 Developer Claim ownership PSID...