WordPress EazyDocs Plugin <= 2.3.5 is vulnerable to Broken Access Control

Software EazyDocs Type Plugin Vulnerable versions = 2.3.5 Fixed in 2.3.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-47648 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 25f152946ed4 Credits Skalucy Required privilege...

WordPress Seo By 10Web Plugin <= 1.2.9 is vulnerable to Cross Site Scripting (XSS)

Software Seo By 10Web Type Plugin Vulnerable versions = 1.2.9 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-34375 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 68446366bf16 Credits Le Ngoc Anh Required...

WordPress ImageMapper Plugin <= 1.2.6 is vulnerable to Broken Access Control

Software ImageMapper Type Plugin Vulnerable versions = 1.2.6 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-5506 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 273249a3fdc4 Credits Lana Codes Required privilege...

WordPress Auto Tag Creator Plugin <= 1.0.2 is vulnerable to Broken Access Control

Software Auto Tag Creator Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-47523 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c75739c755b0 Credits Abdi Pranata Required privileg...

WordPress WP Google My Business Auto Publish Plugin <= 3.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP Google My Business Auto Publish Type Plugin Vulnerable versions = 3.7 Fixed in 3.8 OWASP Top 10 A5: Security Misconfiguration Classification Cross Site Request Forgery CSRF CVE CVE-2023-47237 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 19fe6caa3a0c Credits...

WordPress iPages Flipbook Plugin <= 1.4.8 is vulnerable to SQL Injection

Software iPages Flipbook Type Plugin Vulnerable versions = 1.4.8 Fixed in 1.5.0 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-47236 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID ca6f53544a70 Credits Muhammad Daffa Required privilege Administrator...

WordPress MStore API Plugin <= 4.10.7 is vulnerable to Privilege Escalation

Software MStore API Type Plugin Vulnerable versions = 4.10.7 Fixed in 4.10.8 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-3277 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 30d740e716a7 Credits Truoc Phan ...

WordPress SEO Slider Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)

Software SEO Slider Type Plugin Vulnerable versions = 1.1.0 Fixed in 1.1.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5707 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 17821e38b317 Credits Lana Codes Required privilege...

WordPress Advance Menu Manager Plugin <= 3.0.6 is vulnerable to Broken Access Control

Software Advance Menu Manager Type Plugin Vulnerable versions = 3.0.6 Fixed in 3.0.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4919cd67715f Credits WordFence Required privilege...

WordPress WP Travel Plugin <= 7.8.0 is vulnerable to Broken Access Control

Software WP Travel Type Plugin Vulnerable versions = 7.8.0 Fixed in 7.8.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-47224 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID bf6c5eaeacad Credits Mika Required privilege...

WordPress Animated Rotating Words Plugin <= 5.4 is vulnerable to Broken Access Control

Software Animated Rotating Words Type Plugin Vulnerable versions = 5.4 Fixed in 5.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-47187 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID ba5fbcda489d Credits Abdi Pranata Requir...

WordPress Short URL Plugin <= 1.6.8 is vulnerable to Broken Access Control

Software Short URL Type Plugin Vulnerable versions = 1.6.8 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-47225 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 80acb0670d7b Credits Abdi Pranata Required privilege...

WordPress Admin Bar & Dashboard Access Control Plugin <= 1.2.8 is vulnerable to Cross Site Scripting (XSS)

Software Admin Bar & Dashboard Access Control Type Plugin Vulnerable versions = 1.2.8 Fixed in 1.2.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-47184 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 7931d5b9940f Credits Rachit Arora...

WordPress Solid Security Plugin <= 9.0.0 is vulnerable to Sensitive Data Exposure

Software Solid Security Type Plugin Vulnerable versions = 9.0.0 Fixed in 9.0.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 8abe71fcfaf7 Credits Naveen Muthusamy Required privilege...

WordPress EventPrime Plugin < 3.2.0 is vulnerable to Cross Site Scripting (XSS)

Software EventPrime Type Plugin Vulnerable versions 3.2.0 Fixed in 3.2.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4250 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ec5f591b9a22 Credits Miguel Santareno Required...

WordPress EventPrime Plugin < 3.2.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software EventPrime Type Plugin Vulnerable versions 3.2.0 Fixed in 3.2.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-4251 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3fee28172b5f Credits Alex Sanford Required...

WordPress Login Screen Manager Plugin <= 3.5.2 is vulnerable to Cross Site Scripting (XSS)

Software Login Screen Manager Type Plugin Vulnerable versions = 3.5.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-47182 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 33ab93e220c0 Credits Nano Required privilege...

WordPress WP Customer Reviews Plugin <= 3.6.6 is vulnerable to Sensitive Data Exposure

Software WP Customer Reviews Type Plugin Vulnerable versions = 3.6.6 Fixed in 3.6.7 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2023-4686 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 07af2f4a4fb5 Credits Marco Wotschka Required...

WordPress The Plus Addons for Elementor Pro Plugin <= 5.2.8 is vulnerable to Local File Inclusion

Software The Plus Addons for Elementor Pro Type Plugin Vulnerable versions = 5.2.8 Fixed in 5.2.9 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2023-47178 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID 0501be93705b Credits Rafie Muhammad...

WordPress Finale Lite Plugin <= 2.16.0 is vulnerable to Arbitrary Content Deletion

Software Finale Lite Type Plugin Vulnerable versions = 2.16.0 Fixed in 2.17.0 OWASP Top 10 A5: Broken Access Control Classification Arbitrary Content Deletion CVE CVE-2023-47180 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID a89d6e226519 Credits Mika Required...