WordPress WP Tabs Plugin < 2.1.17 is vulnerable to Cross Site Scripting (XSS)

Software WP Tabs Type Plugin Vulnerable versions 2.1.17 Fixed in 2.1.17 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0071 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 477efeb39f0f Credits István Márton Required...

WordPress Post Grid, Post Carousel, & List Category Posts – by Smart Post Show Plugin < 2.3.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software Post Grid, Post Carousel, & List Category Posts – by Smart Post Show Type Plugin Vulnerable versions 2.3.5 Fixed in 2.3.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID...

WordPress Custom User Profile Fields Plugin <= 1.8 is vulnerable to Cross Site Scripting (XSS)

Software Custom User Profile Fields Type Plugin Vulnerable versions = 1.8 Fixed in 1.8.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4831 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 02766634c7d2 Credits István...

WordPress Social Warfare Plugin <= 4.3.0 is vulnerable to Broken Access Control

Software Social Warfare Type Plugin Vulnerable versions = 4.3.0 Fixed in 4.4.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0402 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 18527265013d Credits Marco Wotschka Required...

WordPress Video.js – HTML5 Video Player for WordPress Plugin <= 4.5.0 is vulnerable to Cross Site Scripting (XSS)

Software Video.js – HTML5 Video Player for WordPress Type Plugin Vulnerable versions = 4.5.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4786 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 522c5fb94d76...

WordPress GigPress Plugin <= 2.3.27 is vulnerable to Cross Site Scripting (XSS)

Software GigPress Type Plugin Vulnerable versions = 2.3.27 Fixed in 2.3.28 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 5602dcf35459 Credits WordfenceTeam Required privilege...

WordPress Video Sidebar Widgets Plugin <= 6.1 is vulnerable to Cross Site Scripting (XSS)

Software Video Sidebar Widgets Type Plugin Vulnerable versions = 6.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4785 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 2859d13481bb Credits István Márton...

WordPress Widgets for Google Reviews Plugin < 9.8 is vulnerable to Cross Site Scripting (XSS)

Software Widgets for Google Reviews Type Plugin Vulnerable versions 9.8 Fixed in 9.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4470 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 6ca77c2a5891 Credits Lana Codes...

WordPress CC Child Pages Plugin < 1.43 is vulnerable to Cross Site Scripting (XSS)

Software CC Child Pages Type Plugin Vulnerable versions 1.43 Fixed in 1.43 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4776 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID a6bb713113e2 Credits Lana Codes Required...

WordPress My Tickets Plugin <= 1.9.10 is vulnerable to Cross Site Request Forgery (CSRF)

Software My Tickets Type Plugin Vulnerable versions = 1.9.10 Fixed in 1.9.11 OWASP Top 10 A8: Cross Site Request Forgery CSRF Classification Cross Site Request Forgery CSRF CVE N/A Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 3393f084dbba Credits WordfenceTeam Required...

WordPress Restaurant Menu – Food Ordering System – Table Reservation Plugin < 2.3.6 is vulnerable to Cross Site Scripting (XSS)

Software Restaurant Menu – Food Ordering System – Table Reservation Type Plugin Vulnerable versions 2.3.6 Fixed in 2.3.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4657 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSI...

WordPress WooCommerce Chained Products Plugin < 2.12.0 is vulnerable to Broken Access Control

Software WooCommerce Chained Products Type Plugin Vulnerable versions 2.12.0 Fixed in 2.12.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-4872 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID b129a8471653 Credits WPScan...

WordPress Show-Hide / Collapse-Expand Plugin <= 1.2.5 is vulnerable to Broken Authentication

Software Show-Hide / Collapse-Expand Type Plugin Vulnerable versions = 1.2.5 Fixed in 1.3.0 OWASP Top 10 A5: Broken Access Control Classification Broken Authentication CVE N/A Patch priority High CVSS severity High 5.4 Developer Claim ownership PSID 11f0fb541e9a Credits N/A Required privilege...

WordPress Themify Shortcodes Plugin < 2.0.8 is vulnerable to Cross Site Scripting (XSS)

Software Themify Shortcodes Type Plugin Vulnerable versions 2.0.8 Fixed in 2.0.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4787 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 25f866583e9e Credits István Márton...

WordPress Show-Hide / Collapse-Expand Plugin <= 1.2.5 is vulnerable to Cross Site Scripting (XSS)

Software Show-Hide / Collapse-Expand Type Plugin Vulnerable versions = 1.2.5 Fixed in 1.3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4829 Patch priority Medium CVSS severity Medium 6.4 Developer Claim ownership PSID a608bae568e8 Credits István...

WordPress Membership For WooCommerce Plugin < 2.1.7 is vulnerable to Arbitrary File Upload

Software Membership For WooCommerce Type Plugin Vulnerable versions 2.1.7 Fixed in 2.1.7 OWASP Top 10 A5: Broken Access Control Classification Arbitrary File Upload CVE CVE-2022-4395 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 0a53b711b376 Credits cydave Required...

WordPress PixCodes Plugin < 2.3.7 is vulnerable to Cross Site Scripting (XSS)

Software PixCodes Type Plugin Vulnerable versions 2.3.7 Fixed in 2.3.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4671 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 83d7d6cc74a4 Credits István Márton Required...

WordPress Booster Elite for WooCommerce Plugin < 6.0.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Booster Elite for WooCommerce Type Plugin Vulnerable versions 6.0.1 Fixed in 6.0.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-4017 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e0191ec2ee9f Credits WPscan...

WordPress PDF Viewer Plugin < 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Software PDF Viewer Type Plugin Vulnerable versions 1.0.0 Fixed in 1.0.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0033 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 6e3ff2a57463 Credits István Márton Required...

WordPress Bold Timeline Lite Plugin < 1.1.5 is vulnerable to Cross Site Scripting (XSS)

Software Bold Timeline Lite Type Plugin Vulnerable versions 1.1.5 Fixed in 1.1.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4828 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 0317e30acfa3 Credits István Márton...