WordPress User Meta Manager Plugin <= 3.5.0 is vulnerable to Cross Site Scripting (XSS)

Software User Meta Manager Type Plugin Vulnerable versions = 3.5.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-22718 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d307e7329c6e Credits minhtuanact...

WordPress Camera slideshow Plugin <= 1.4.0.1 is vulnerable to Cross Site Scripting (XSS)

Software Camera slideshow Type Plugin Vulnerable versions = 1.4.0.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-22682 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID a784f0137b80 Credits thiennv Required...

WordPress M Chart Plugin <= 1.9.4 is vulnerable to Cross Site Scripting (XSS)

Software M Chart Type Plugin Vulnerable versions = 1.9.4 Fixed in 1.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23892 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 383eb1775479 Credits thiennv Required privilege...

WordPress YARPP Plugin <= 5.30.2 is vulnerable to Cross Site Scripting (XSS)

Software YARPP Type Plugin Vulnerable versions = 5.30.2 Fixed in 5.30.3 OWASP Top 10 A5: Broken Access Control Classification Cross Site Scripting XSS CVE CVE-2022-4471 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 60c430d55f43 Credits István Márton Required...

WordPress Better Font Awesome Plugin < 2.0.4 is vulnerable to Cross Site Scripting (XSS)

Software Better Font Awesome Type Plugin Vulnerable versions 2.0.4 Fixed in 2.0.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4512 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 3f338a1f451d Credits Lana Codes...

WordPress GiveWP Plugin <= 2.23.2 is vulnerable to SQL Injection

Software GiveWP Type Plugin Vulnerable versions = 2.23.2 Fixed in 2.24.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0224 Patch priority High CVSS severity High 8.2 Developer Liquid Web / StellarWP PSID 3f057c60656c Credits dc11 Required privilege Unauthenticated Publishe...

WordPress TemplatesNext ToolKit Plugin < 3.2.9 is vulnerable to Cross Site Scripting (XSS)

Software TemplatesNext ToolKit Type Plugin Vulnerable versions 3.2.9 Fixed in 3.2.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0333 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 9f3110209bb9 Credits WPScan Require...

WordPress Enable Media Replace Plugin < 4.0.2 is vulnerable to Arbitrary File Upload

Software Enable Media Replace Type Plugin Vulnerable versions 4.0.2 Fixed in 4.0.2 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-0255 Patch priority High CVSS severity High 9.1 Developer ShortPixel PSID 1a8eac52cb81 Credits dc11 Required privilege Author Published 1...

WordPress MainWP Wordfence Extension Plugin <= 4.0.7 is vulnerable to Broken Access Control

Software MainWP Wordfence Extension Type Plugin Vulnerable versions = 4.0.7 Fixed in 4.0.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-22699 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID aa51573e0a8b Credits Dave Jong...

WordPress MainWP Wordfence Extension Plugin <= 4.0.7 is vulnerable to Settings Change

Software MainWP Wordfence Extension Type Plugin Vulnerable versions = 4.0.7 Fixed in 4.0.8 OWASP Top 10 A5: Broken Access Control Classification Settings Change CVE CVE-2023-23669 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID ad99cab21d6e Credits Dave Jong Patchsta...

WordPress MainWP UpdraftPlus Extension Plugin <= 4.0.6 is vulnerable to Broken Access Control

Software MainWP UpdraftPlus Extension Type Plugin Vulnerable versions = 4.0.6 Fixed in 4.0.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23640 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 075f06640c08 Credits Dave Jong...

WordPress MainWP Clone Extension Plugin <= 4.0.2 is vulnerable to Broken Access Control

Software MainWP Clone Extension Type Plugin Vulnerable versions = 4.0.2 Fixed in 4.0.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23642 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID fedefb75fe08 Credits Dave Jong...

WordPress MainWP Code Snippets Extension Plugin <= 4.0.2 is vulnerable to Cross Site Scripting (XSS)

Software MainWP Code Snippets Extension Type Plugin Vulnerable versions = 4.0.2 Fixed in 4.0.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23650 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 27d865081452 Credits Dave...

WordPress Rich Table of Contents Plugin <= 1.3.8 is vulnerable to Cross Site Scripting (XSS)

Software Rich Table of Contents Type Plugin Vulnerable versions = 1.3.8 Fixed in 1.3.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4551 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 2ac49cba0f41 Credits Lana Codes...

WordPress MainWP Article Uploader Extension Plugin <= 4.0.2 is vulnerable to Broken Access Control

Software MainWP Article Uploader Extension Type Plugin Vulnerable versions = 4.0.2 Fixed in 4.0.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23742 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID e674bdb18c0f Credits Dave Jong...

WordPress Simple URLs Plugin < 115 is vulnerable to SQL Injection

Software Simple URLs Type Plugin Vulnerable versions 115 Fixed in 115 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0098 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID ce05d13c3118 Credits dc11 Required privilege Subscriber Published 17 January,...

WordPress teachPress Plugin <= 8.1.8 is vulnerable to Cross Site Scripting (XSS)

Software teachPress Type Plugin Vulnerable versions = 8.1.8 Fixed in 8.1.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-22704 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 8de649d41654 Credits Nguyen Xuan Chien...

WordPress MainWP White Label Extension Plugin <= 4.1.1 is vulnerable to Broken Access Control

Software MainWP White Label Extension Type Plugin Vulnerable versions = 4.1.1 Fixed in 4.1.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23748 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 4cf93d58a995 Credits Dave Jong...

WordPress Widgets on Pages Plugin <= 1.7.0 is vulnerable to Cross Site Scripting (XSS)

Software Widgets on Pages Type Plugin Vulnerable versions = 1.7.0 Fixed in 1.8.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4488 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 86b237a22e6a Credits Lana Codes Requir...

WordPress Judge.me Product Reviews for WooCommerce Plugin < 1.3.21 is vulnerable to Cross Site Scripting (XSS)

Software Judge.me Product Reviews for WooCommerce Type Plugin Vulnerable versions 1.3.21 Fixed in 1.3.21 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0061 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 7fda1dafd296...