WordPress Add to Calendar Button Plugin < 1.5.1 is vulnerable to Cross Site Scripting (XSS)

Software Add to Calendar Button Type Plugin Vulnerable versions 1.5.1 Fixed in 1.5.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-46613 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID d1a3af767789 Credits Ngô Thiên An ancorn from...

WordPress Quill Forms Plugin <= 3.3.0 is vulnerable to Broken Access Control

Software Quill Forms Type Plugin Vulnerable versions = 3.3.0 Fixed in 3.4.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-46610 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID f234d1eb3578 Credits Abdi Pranata Required privilege...

WordPress Tab Ultimate Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)

Software Tab Ultimate Type Plugin Vulnerable versions = 1.3 Fixed in 1.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5667 Patch priority Low CVSS severity Low 6.4 Developer Claim ownership PSID 6b4d31988178 Credits István Márton Required privileg...

WordPress Security & Malware scan by CleanTalk Plugin <= 2.50 is vulnerable to Broken Access Control

Software Security & Malware scan by CleanTalk Type Plugin Vulnerable versions = 2.50 Fixed in 2.51 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2020-36698 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID b7a98366ebf3 Credits Jerome...

WordPress wpDiscuz Plugin <= 7.6.3 is vulnerable to Insecure Direct Object References (IDOR)

Software wpDiscuz Type Plugin Vulnerable versions = 7.6.3 Fixed in 7.6.4 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-46311 Patch priority Low CVSS severity Low 2.7 Developer Claim ownership PSID 05932cb617e2 Credits Revan Arifio Requir...

WordPress Soisy Pagamento Rateale Plugin <= 6.0.1 is vulnerable to Broken Access Control

Software Soisy Pagamento Rateale Type Plugin Vulnerable versions = 6.0.1 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-5132 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID ea685dad7b8e Credits Francesco Carlucci...

WordPress Webpushr Plugin <= 4.34.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Webpushr Type Plugin Vulnerable versions = 4.34.0 Fixed in 4.35.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-35041 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 5f64981a29ac Credits Theodoros Malachias...

WordPress iPanorama 360 WordPress Virtual Tour Builder Plugin <= 1.8.0 is vulnerable to SQL Injection

Software iPanorama 360 WordPress Virtual Tour Builder Type Plugin Vulnerable versions = 1.8.0 Fixed in 1.8.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5336 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 25ea3eb9ee79 Credits István Márton Require...

WordPress Taggbox Plugin <= 3.3 is vulnerable to Broken Access Control

Software Taggbox Type Plugin Vulnerable versions = 3.3 Fixed in 3.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-33215 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 74a01c79e50d Credits Jonas Höbenreich Required privilege...

WordPress Booster for WooCommerce Plugin <= 7.1.2 is vulnerable to Cross Site Scripting (XSS)

Software Booster for WooCommerce Type Plugin Vulnerable versions = 7.1.2 Fixed in 7.1.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5638 Patch priority Low CVSS severity Low 6.4 Developer Claim ownership PSID be851143f85f Credits István Márton...

WordPress Ultimate Addons for WPBakery Page Builder Plugin <= 3.19.14 is vulnerable to Local File Inclusion

Software Ultimate Addons for WPBakery Page Builder Type Plugin Vulnerable versions = 3.19.14 Fixed in 3.19.15 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2023-46205 Patch priority High CVSS severity High 7.6 Developer Claim ownership PSID 1ed82bf57553 Credits Rafie...

WordPress Super Testimonial Pro Plugin <= 2.9 is vulnerable to Cross Site Scripting (XSS)

Software Super Testimonial Pro Type Plugin Vulnerable versions = 2.9 Fixed in 3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5613 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4c345a4e70e4 Credits Lana Codes Required...

WordPress BetterLinks Plugin <= 1.6.0 is vulnerable to Broken Access Control

Software BetterLinks Type Plugin Vulnerable versions = 1.6.0 Fixed in 1.6.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-45104 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID cff55ac44f90 Credits Nguyen Anh Tien Required...

WordPress Headline Analyzer Plugin <= 1.3.1 is vulnerable to Broken Access Control

Software Headline Analyzer Type Plugin Vulnerable versions = 1.3.1 Fixed in 1.3.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-46195 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 0889713f4319 Credits Mika Required privilege...

WordPress MpOperationLogs Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software MpOperationLogs Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5538 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 58b2eea0d790 Credits juweihuitao Required...

WordPress Themify Ultra Theme <= 7.3.5 is vulnerable to Privilege Escalation

Software Themify Ultra Type Theme Vulnerable versions = 7.3.5 Fixed in 7.3.6 OWASP Top 10 A2: Broken Authentication Classification Privilege Escalation CVE CVE-2023-46145 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 23dc050c5700 Credits Rafie Muhammad Patchstack...

WordPress Social Media & Share Icons Plugin <= 2.8.5 is vulnerable to Sensitive Data Exposure

Software Social Media & Share Icons Type Plugin Vulnerable versions = 2.8.5 Fixed in 2.8.6 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-5070 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 041c1c8cf3d2 Credits Marco...

WordPress Themify Ultra Theme <= 7.3.5 is vulnerable to Settings Change

Software Themify Ultra Type Theme Vulnerable versions = 7.3.5 Fixed in 7.3.6 OWASP Top 10 A5: Broken Access Control Classification Settings Change CVE CVE-2023-46148 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 4e68744a5277 Credits Rafie Muhammad Patchstack Required...

WordPress Conversios.io Plugin <= 6.5.3 is vulnerable to Cross Site Scripting (XSS)

Software Conversios.io Type Plugin Vulnerable versions = 6.5.3 Fixed in 6.5.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-46094 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID fb9e0ece864f Credits Phd Required privilege Unauthenticated...

WordPress Userback Plugin <= 1.0.13 is vulnerable to Cross Site Request Forgery (CSRF)

Software Userback Type Plugin Vulnerable versions = 1.0.13 Fixed in 1.0.14 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-46089 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ca0e03655d57 Credits LEE SE HYOUNG...