WordPress Zephyr Project Manager Plugin <= 3.3.93 is vulnerable to Cross Site Request Forgery (CSRF)

Software Zephyr Project Manager Type Plugin Vulnerable versions = 3.3.93 Fixed in 3.3.94 OWASP Top 10 A6: Security Misconfiguration Classification Cross Site Request Forgery CSRF CVE CVE-2023-34373 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 598837ada134 Credits...

WordPress MStore API Plugin < 3.9.6 is vulnerable to Broken Access Control

Software MStore API Type Plugin Vulnerable versions 3.9.6 Fixed in 3.9.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID f9c3e8cc268b Credits Unknown Required privilege Subscriber Publish...

WordPress Recent Posts Slider Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)

Software Recent Posts Slider Type Plugin Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-35043 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID cce446409bae Credits LEE SE HYOUNG...

WordPress Booking and Rental Manager Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS)

Software Booking and Rental Manager Type Plugin Vulnerable versions = 1.2.1 Fixed in 1.2.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-35048 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 73d697a7ce84 Credits NeginNrb...

WordPress Metform Elementor Contact Form Builder Plugin <= 3.3.0 is vulnerable to Cross Site Scripting (XSS)

Software Metform Elementor Contact Form Builder Type Plugin Vulnerable versions = 3.3.0 Fixed in 3.3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0708 Patch priority Low CVSS severity Low 6.5 Developer Wpmet PSID d2490fc4db6a Credits Ramuel Gall...

WordPress Metform Elementor Contact Form Builder Plugin <= 3.3.1 is vulnerable to Sensitive Data Exposure

Software Metform Elementor Contact Form Builder Type Plugin Vulnerable versions = 3.3.1 Fixed in 3.3.2 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-0688 Patch priority High CVSS severity High 6.5 Developer Wpmet PSID 594d4e4abd66 Credits Ramuel Gall...

WordPress Metform Elementor Contact Form Builder Plugin <= 3.3.0 is vulnerable to Cross Site Scripting (XSS)

Software Metform Elementor Contact Form Builder Type Plugin Vulnerable versions = 3.3.0 Fixed in 3.3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0709 Patch priority Low CVSS severity Low 6.5 Developer Wpmet PSID 4e0102594f1d Credits Ramuel Gall...

WordPress WP Mail Catcher Plugin <= 2.1.2 is vulnerable to Cross Site Scripting (XSS)

Software WP Mail Catcher Type Plugin Vulnerable versions = 2.1.2 Fixed in 2.1.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-3080 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 4c3adbc78628 Credits Alex Thomas Required...

WordPress Members Plugin <= 3.4.7.3 is vulnerable to Broken Access Control

Software Members Type Plugin Vulnerable versions = 3.4.7.3 Fixed in 3.4.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-2869 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 561a12f2621a Credits Marco Wotschka Required...

WordPress Metform Elementor Contact Form Builder Plugin <= 3.3.1 is vulnerable to Sensitive Data Exposure

Software Metform Elementor Contact Form Builder Type Plugin Vulnerable versions = 3.3.1 Fixed in 3.3.2 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-0692 Patch priority Medium CVSS severity Medium 4.3 Developer Wpmet PSID d33b9b89cda5 Credits Ramuel...

WordPress B2BKing Plugin <= 4.6.00 is vulnerable to Broken Access Control

Software B2BKing Type Plugin Vulnerable versions = 4.6.00 Fixed in 4.6.20 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-3125 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 7647d8bb49ff Credits Jerome Bruandet Required privilege...

WordPress Directorist Plugin <= 7.5.4 is vulnerable to Broken Access Control

Software Directorist Type Plugin Vulnerable versions = 7.5.4 Fixed in 7.5.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-1889 Patch priority High CVSS severity High 7.2 Developer Claim ownership PSID 3d986c80db6c Credits Alex Thomas Required privilege...

WordPress Activello Theme <= 1.4.0 is vulnerable to Broken Access Control

Software Activello Type Theme Vulnerable versions = 1.4.0 Fixed in 1.4.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2020-36721 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 121a85ec7375 Credits Jerome Bruandet - NinTechNet...

WordPress B2BKing Plugin <= 4.6.00 is vulnerable to Broken Access Control

Software B2BKing Type Plugin Vulnerable versions = 4.6.00 Fixed in 4.6.20 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-3126 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID e0410908e411 Credits Jerome Bruandet Required...

WordPress Brilliance Theme <= 1.2.7 is vulnerable to Broken Access Control

Software Brilliance Type Theme Vulnerable versions = 1.2.7 Fixed in 1.3.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2020-36721 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID a0bd7d64b1bd Credits Jerome Bruandet - NinTechNet...

WordPress Newspaper X Theme <= 1.3.1 is vulnerable to Broken Access Control

Software Newspaper X Type Theme Vulnerable versions = 1.3.1 Fixed in 1.3.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2020-36721 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 364d88cff362 Credits Jerome Bruandet - NinTechNet...

WordPress Directorist Plugin <= 7.5.4 is vulnerable to Privilege Escalation

Software Directorist Type Plugin Vulnerable versions = 7.5.4 Fixed in 7.5.5 OWASP Top 10 A2: Broken Authentication Classification Privilege Escalation CVE CVE-2023-1888 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 3e2d4eebdb38 Credits Alex Thomas Required privilege...

WordPress Contact Form Builder by vcita Plugin <= 4.10.2 is vulnerable to Cross Site Scripting (XSS)

Software Contact Form Builder by vcita Type Plugin Vulnerable versions = 4.10.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2300 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 3b4b71b799e4 Credits Jonas...

WordPress WordPress Tables Plugin <= 1.3.9 is vulnerable to Cross Site Scripting (XSS)

Software WordPress Tables Type Plugin Vulnerable versions = 1.3.9 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25453 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c90cdd1a03de Credits Le Ngoc Anh Requir...

WordPress WP User Switch Plugin <= 1.0.2 is vulnerable to Bypass Vulnerability

Software WP User Switch Type Plugin Vulnerable versions = 1.0.2 Fixed in 1.0.3 OWASP Top 10 A2: Broken Authentication Classification Bypass Vulnerability CVE CVE-2023-2546 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID d69f4769545f Credits István Márton Required privile...