3398 matches found
WordPress File Manager Pro Plugin < 1.8.1 is vulnerable to Remote Code Execution (RCE)
Software File Manager Pro Type Plugin Vulnerable versions < 1.8.1 Fixed in 1.8.1 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-4861 Patch priority Low CVSS severity Low 8.2 Developer Claim ownership PSID cd77a490f9de Credits Alex Sanford Required privilege...
WordPress File Uploader Plugin < 4.23.3 is vulnerable to Cross Site Scripting (XSS)
Software File Uploader Type Plugin Vulnerable versions < 4.23.3 Fixed in 4.23.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4811 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 1623a29c06e5 Credits FAIYAZ AHMAD Required...
WordPress Lava Directory Manager Plugin <= 1.1.34 is vulnerable to Cross Site Scripting (XSS)
Software Lava Directory Manager Type Plugin Vulnerable versions <= 1.1.34 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-46081 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f0161d7b2655 Credits Emili...
WordPress Broken Link Checker | Finder Plugin <= 2.4.2 is vulnerable to Broken Access Control
Software Broken Link Checker | Finder Type Plugin Vulnerable versions <= 2.4.2 Fixed in 2.5.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-46082 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID cfffdd260ad0 Credits Abdi Prana...
WordPress Custom post types Plugin <= 5.0.2 is vulnerable to Cross Site Scripting (XSS)
Software Custom post types Type Plugin Vulnerable versions <= 5.0.2 Fixed in 5.0.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32116 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID de51dde21ff9 Credits Taihei Shimamine...
WordPress Ashe Extra Plugin <= 1.2.9 is vulnerable to Broken Access Control
Software Ashe Extra Type Plugin Vulnerable versions <= 1.2.9 Fixed in 1.2.92 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-46079 Patch priority Low CVSS severity Low 5.4 Developer WProyal PSID 9a7abfde0bc8 Credits Jonas Höbenreich Required privilege...
WordPress EG-Attachments Plugin <= 2.1.3 is vulnerable to Cross Site Scripting (XSS)
Software EG-Attachments Type Plugin Vulnerable versions <= 2.1.3 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-46070 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 04006798b0e0 Credits Le Ngoc Anh Required...
WordPress The Awesome Feed – Custom Feed Plugin <= 2.2.5 is vulnerable to Cross Site Scripting (XSS)
Software The Awesome Feed – Custom Feed Type Plugin Vulnerable versions <= 2.2.5 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-46077 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID bf6946983fa1 Credits Nguy...
WordPress DX Delete Attached Media Plugin <= 2.0.5.1 is vulnerable to Broken Access Control
Software DX Delete Attached Media Type Plugin Vulnerable versions <= 2.0.5.1 Fixed in 2.0.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-46073 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID 86e92ca0a83a Credits Abdi Pranata...
WordPress is vulnerable to Broken Access Control
Software WordPress Type WordPress Core Vulnerable versions 6.3.2 Fixed in 6.3.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-39999 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 145475520c6c Credits Rafie Muhammad Patchstack...
WordPress RumbleTalk Live Group Chat Plugin <= 6.2.5 is vulnerable to Broken Access Control
Software RumbleTalk Live Group Chat Type Plugin Vulnerable versions <= 6.2.5 Fixed in 6.2.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-45828 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 142311804af3 Credits Mika Require...
WordPress ChatBot Plugin <= 4.8.9 is vulnerable to SQL Injection
Software ChatBot Type Plugin Vulnerable versions <= 4.8.9 Fixed in 4.9.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5204 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID d9d43b0258cf Credits Marco Wotschka Required privilege Unauthenticated...
WordPress WP Report Post Plugin <= 2.1.2 is vulnerable to Cross Site Scripting (XSS)
Software WP Report Post Type Plugin Vulnerable versions <= 2.1.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-45769 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d5598e546cea Credits Ivy TOOR, LISA...
WordPress wpDiscuz Plugin <= 7.6.3 is vulnerable to Broken Access Control
Software wpDiscuz Type Plugin Vulnerable versions <= 7.6.3 Fixed in 7.6.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-45760 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID b4dc1c4ebd9c Credits RE-ALTER Required privilege...
WordPress Nexter Extension Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS)
Software Nexter Extension Type Plugin Vulnerable versions <= 2.0.3 Fixed in 2.0.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-45750 Patch priority Medium CVSS severity Medium 7.1 Developer POSIMYTH Innovations PSID ad2209719d8d Credits Rafie...
WordPress Poll Maker Plugin <= 4.7.1 is vulnerable to Broken Access Control
Software Poll Maker Type Plugin Vulnerable versions <= 4.7.1 Fixed in 4.7.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-45766 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 63dcd5a4b5a6 Credits Revan Arifio Required privilege...
WordPress HTML5 Maps Plugin <= 1.7.1.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software HTML5 Maps Type Plugin Vulnerable versions <= 1.7.1.4 Fixed in 1.7.1.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-45650 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 414faf6d1725 Credits Mika Required...
WordPress CPT Shortcode Generator Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software CPT Shortcode Generator Type Plugin Vulnerable versions <= 1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-45644 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 8bfa1d036efa Credits Lokesh Dachepalli...
WordPress ChatBot Plugin <= 4.8.9 is vulnerable to Arbitrary File Deletion
Software ChatBot Type Plugin Vulnerable versions <= 4.8.9 Fixed in 4.9.1 OWASP Top 10 A4: Insecure Design Classification Arbitrary File Deletion CVE CVE-2023-5212 Patch priority High CVSS severity High 9.6 Developer Claim ownership PSID cac6c246df55 Credits Marco Wotschka Chloe Chamberland Require...
WordPress ChatBot Plugin <= 4.8.9 is vulnerable to Sensitive Data Exposure
Software ChatBot Type Plugin Vulnerable versions <= 4.8.9 Fixed in 4.9.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-5254 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID a08bb4253476 Credits Marco Wotschka Required privilege...