WordPress MainWP Post Plus Extension Plugin <= 4.0.3 is vulnerable to Arbitrary Content Deletion

Software MainWP Post Plus Extension Type Plugin Vulnerable versions = 4.0.3 Fixed in 4.1.1 OWASP Top 10 A5: Broken Access Control Classification Arbitrary Content Deletion CVE CVE-2023-23666 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 66ca6cd7da00 Credits Dave Jong...

WordPress Easy Accept Payments Plugin < 4.9.10 is vulnerable to Cross Site Scripting (XSS)

Software Easy Accept Payments Type Plugin Vulnerable versions 4.9.10 Fixed in 4.9.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0275 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 334f1469f03f Credits Lana Codes...

WordPress Custom 404 Pro Plugin <= 3.7.0 is vulnerable to SQL Injection

Software Custom 404 Pro Type Plugin Vulnerable versions = 3.7.0 Fixed in 3.7.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2022-47605 Patch priority Low CVSS severity Low 8.3 Developer Kunal Nagar PSID 960f40facc61 Credits minhtuanact Required privilege Administrator Published...

WordPress Stream Plugin < 3.9.2 is vulnerable to Broken Access Control

Software Stream Type Plugin Vulnerable versions 3.9.2 Fixed in 3.9.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-4384 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID ad3b89e6bfd1 Credits Krzysztof Zajac Required privilege...

WordPress Easy Digital Downloads Plugin <= 3.1.0.3 is vulnerable to SQL Injection

Software Easy Digital Downloads Type Plugin Vulnerable versions = 3.1.0.3 Fixed in 3.1.0.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-23489 Patch priority High CVSS severity High 8.2 Developer Claim ownership PSID 8ebed23bcf9a Credits Joshua Martinelle Required privilege...

WordPress WP Booklet Plugin <= 2.1.8 is vulnerable to Remote Code Execution (RCE)

Software WP Booklet Type Plugin Vulnerable versions = 2.1.8 Fixed in N/A OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-22677 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 1a71e450e6f5 Credits Le Ngoc Anh Required privilege Subscriber...

WordPress Materialis Companion Plugin < 1.3.40 is vulnerable to Cross Site Scripting (XSS)

Software Materialis Companion Type Plugin Vulnerable versions 1.3.40 Fixed in 1.3.40 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4762 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 80cd16937fbb Credits Lana Codes...

WordPress ExactMetrics Plugin < 7.12.1 is vulnerable to Cross Site Scripting (XSS)

Software ExactMetrics Type Plugin Vulnerable versions 7.12.1 Fixed in 7.12.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0082 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 5eb38112ee75 Credits Lana Codes Required...

WordPress Map Multi Marker Plugin <= 3.2.1 is vulnerable to Cross Site Scripting (XSS)

Software Map Multi Marker Type Plugin Vulnerable versions = 3.2.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-47591 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0fa0897cb0de Credits minhtuanact Requir...

WordPress Leaflet Maps Marker Plugin < 3.12.7 is vulnerable to Cross Site Scripting (XSS)

Software Leaflet Maps Marker Type Plugin Vulnerable versions 3.12.7 Fixed in 3.12.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4677 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 99a82b35c26d Credits Lana Codes...

WordPress Annual Archive Plugin < 1.6.0 is vulnerable to Cross Site Scripting (XSS)

Software Annual Archive Type Plugin Vulnerable versions 1.6.0 Fixed in 1.6.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0178 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID e447b05c3b01 Credits Lana Codes Required...

WordPress jQuery T(-) Countdown Widget Plugin < 2.3.24 is vulnerable to Cross Site Scripting (XSS)

Software jQuery T- Countdown Widget Type Plugin Vulnerable versions 2.3.24 Fixed in 2.3.24 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0171 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 6d69c46b235b Credits Lana...

WordPress WP Blog and Widget Plugin < 2.3.1 is vulnerable to Cross Site Scripting (XSS)

Software WP Blog and Widget Type Plugin Vulnerable versions 2.3.1 Fixed in 2.3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4824 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID db9b8648db51 Credits Lana Codes Requir...

WordPress YouTube Channel Plugin < 3.23.0 is vulnerable to Cross Site Scripting (XSS)

Software YouTube Channel Type Plugin Vulnerable versions 3.23.0 Fixed in 3.23.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4756 Patch priority Medium CVSS severity Medium 6.3 Developer Aleksandar Urošević PSID 3866f6e0ecf5 Credits Lana Codes...

WordPress Ibtana Plugin < 1.1.8.8 is vulnerable to Cross Site Scripting (XSS)

Software Ibtana Type Plugin Vulnerable versions 1.1.8.8 Fixed in 1.1.8.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4674 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID e564cfbd3326 Credits Lana Codes Required...

WordPress GamiPress – Vimeo integration Plugin < 1.0.9 is vulnerable to Cross Site Scripting (XSS)

Software GamiPress – Vimeo integration Type Plugin Vulnerable versions 1.0.9 Fixed in 1.0.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0154 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID eece071753de Credits Lana...

WordPress EAN for WooCommerce Plugin < 4.4.3 is vulnerable to Cross Site Scripting (XSS)

Software EAN for WooCommerce Type Plugin Vulnerable versions 4.4.3 Fixed in 4.4.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0062 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID efcc1edc10be Credits Lana Codes...

WordPress Breadcrumb Plugin < 1.5.33 is vulnerable to Cross Site Scripting (XSS)

Software Breadcrumb Type Plugin Vulnerable versions 1.5.33 Fixed in 1.5.33 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4836 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 68e0f577b655 Credits Lana Codes Required...

WordPress WC Vendors Marketplace Plugin < 2.4.5 is vulnerable to Cross Site Scripting (XSS)

Software WC Vendors Marketplace Type Plugin Vulnerable versions 2.4.5 Fixed in 2.4.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0072 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID c2abc726ee8e Credits Lana Codes...

WordPress Send PDF for Contact Form 7 Plugin < 0.9.9.2 is vulnerable to Cross Site Scripting (XSS)

Software Send PDF for Contact Form 7 Type Plugin Vulnerable versions 0.9.9.2 Fixed in 0.9.9.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0143 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 570b9726f6b6 Credits Istv...