WordPress Eupago Gateway For Woocommerce Plugin <= 3.1.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software Eupago Gateway For Woocommerce Type Plugin Vulnerable versions = 3.1.9 Fixed in 3.1.10 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-45638 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 84bb9fde48fb Credits...

WordPress ChatBot Plugin <= 4.8.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software ChatBot Type Plugin Vulnerable versions = 4.8.9 Fixed in 4.9.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-5534 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID dd9ca26e2bc4 Credits Marco Wotschka Required...

WordPress Fattura24 Plugin < 6.2.8 is vulnerable to Cross Site Scripting (XSS)

Software Fattura24 Type Plugin Vulnerable versions 6.2.8 Fixed in 6.2.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5211 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0ad9cd39b4a8 Credits Enrico Marcolini Claudio...

WordPress WordPress Backup & Migration Plugin <= 1.4.1 is vulnerable to Broken Access Control

Software WordPress Backup & Migration Type Plugin Vulnerable versions = 1.4.1 Fixed in 1.4.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-45636 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID e1fb36cf7cf2 Credits Abdi Prana...

WordPress Campaign Monitor Forms Plugin < 2.5.6 is vulnerable to Broken Access Control

Software Campaign Monitor Forms Type Plugin Vulnerable versions 2.5.6 Fixed in 2.5.6 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-5098 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 224fc6fd923e Credits Francesco Marano...

WordPress Responsive Tabs Plugin < 4.0.6 is vulnerable to Content Injection

Software Responsive Tabs Type Plugin Vulnerable versions 4.0.6 Fixed in 4.0.6 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2023-45635 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID bf3a377a744c Credits Abdi Pranata Required privilege Contributor...

WordPress EventPrime Plugin <= 3.1.5 is vulnerable to Cross Site Scripting (XSS)

Software EventPrime Type Plugin Vulnerable versions = 3.1.5 Fixed in 3.1.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-45637 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 7c19ecb3f3a7 Credits Phd Required privilege Unauthenticated...

WordPress Get Custom Field Values Plugin <= 4.0.1 is vulnerable to Cross Site Scripting (XSS)

Software Get Custom Field Values Type Plugin Vulnerable versions = 4.0.1 Fixed in 4.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-45604 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 8b0df9061359 Credits Satoo Nakano Required privilege...

WordPress Simple URLs Plugin <= 120 is vulnerable to Cross Site Request Forgery (CSRF)

Software Simple URLs Type Plugin Vulnerable versions = 120 Fixed in 121 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-45606 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d8dcb8acc03a Credits Mika Required privilege...

WordPress User Submitted Posts Plugin <= 20230902 is vulnerable to Arbitrary File Upload

Software User Submitted Posts Type Plugin Vulnerable versions = 20230902 Fixed in 20230914 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2023-45603 Patch priority High CVSS severity High 9 Developer Claim ownership PSID b7d676bf7c95 Credits Rafie Muhammad Patchstack...

WordPress WordPress Popular Posts Plugin <= 6.3.2 is vulnerable to Cross Site Scripting (XSS)

Software WordPress Popular Posts Type Plugin Vulnerable versions = 6.3.2 Fixed in 6.3.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-45607 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e1c445e00e39 Credits Rafie Muhammad Patchstack...

WordPress Mailrelay Plugin <= 2.1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Mailrelay Type Plugin Vulnerable versions = 2.1.1 Fixed in 2.1.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-45108 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 19213d6f5e3d Credits Mika Required privilege...

WordPress GoodBarber Plugin <= 1.0.23 is vulnerable to Cross Site Request Forgery (CSRF)

Software GoodBarber Type Plugin Vulnerable versions = 1.0.23 Fixed in 1.0.24 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-45107 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 54aa1d490fb5 Credits Mika Required privileg...

WordPress Redirection for Contact Form 7 Plugin <= 2.9.2 is vulnerable to Broken Access Control

Software Redirection for Contact Form 7 Type Plugin Vulnerable versions = 2.9.2 Fixed in 3.0.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-39920 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID ca4cdb116544 Credits Nguyen Anh...

WordPress Form Maker by 10Web Plugin <= 1.15.18 is vulnerable to Cross Site Scripting (XSS)

Software Form Maker by 10Web Type Plugin Vulnerable versions = 1.15.18 Fixed in 1.15.19 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-45071 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 40c5a2d21d33 Credits RE-ALTER Required...

WordPress canvasio3D Light Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS)

Software canvasio3D Light Type Plugin Vulnerable versions = 2.5.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-45062 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2a3783fd52d4 Credits thiennv Required...

WordPress WP Job Openings Plugin <= 3.4.1 is vulnerable to Broken Access Control

Software WP Job Openings Type Plugin Vulnerable versions = 3.4.1 Fixed in 3.4.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-45061 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 80557dfd2883 Credits Revan Arifio Required privile...

WordPress WPGetAPI Plugin 2.1.0-2.2.1 is vulnerable to Broken Access Control

Software WPGetAPI Type Plugin Vulnerable versions 2.1.0-2.2.1 Fixed in 2.2.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID ca2d9e4727c6 Credits Unknown Required privilege Subscriber...

WordPress OPcache Dashboard Plugin <= 0.3.1 is vulnerable to Cross Site Scripting (XSS)

Software OPcache Dashboard Type Plugin Vulnerable versions = 0.3.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-45064 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 88a7f0a12d7e Credits LEE SE HYOUNG...

WordPress WP User Frontend Plugin <= 3.6.8 is vulnerable to Broken Access Control

Software WP User Frontend Type Plugin Vulnerable versions = 3.6.8 Fixed in 3.6.9 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-45002 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID bd6150300c70 Credits Abdi Pranata Required...