WordPress WP Multi Store Locator Plugin <= 2.4.1 is vulnerable to Cross Site Scripting (XSS)

Software WP Multi Store Locator Type Plugin Vulnerable versions = 2.4.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0152 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID dcc1d96fdaf2 Credits Lana Codes...

WordPress WPCS Plugin <= 1.1.9 is vulnerable to Broken Access Control

Software WPCS Type Plugin Vulnerable versions = 1.1.9 Fixed in 1.2.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-2556 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 05cf802e36e5 Credits Alex Thomas Required privilege...

WordPress Custom 404 Pro Plugin <= 3.8.1 is vulnerable to Cross Site Scripting (XSS)

Software Custom 404 Pro Type Plugin Vulnerable versions = 3.8.1 Fixed in 3.8.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32740 Patch priority Medium CVSS severity Medium 5.8 Developer Kunal Nagar PSID 5d146d112b61 Credits LEE SE HYOUNG...

WordPress AutomateWoo Plugin <= 5.7.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software AutomateWoo Type Plugin Vulnerable versions = 5.7.1 Fixed in 5.7.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-32745 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 2ce50834e16e Credits Rafie Muhammad Patchsta...

WordPress WooCommerce Product Recommendations Plugin < 2.3.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software WooCommerce Product Recommendations Type Plugin Vulnerable versions 2.3.0 Fixed in 2.3.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-32744 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID d58137983362 Credits...

WordPress Essential Addons for Elementor Pro Plugin <= 5.4.8 is vulnerable to Server Side Request Forgery (SSRF)

Software Essential Addons for Elementor Pro Type Plugin Vulnerable versions = 5.4.8 Fixed in 5.4.9 OWASP Top 10 A5: Broken Access Control Classification Server Side Request Forgery SSRF CVE CVE-2023-32245 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 6f79f41d4291 Credits...

WordPress Donations Made Easy – Smart Donations Plugin <= 4.0.12 is vulnerable to Cross Site Scripting (XSS)

Software Donations Made Easy – Smart Donations Type Plugin Vulnerable versions = 4.0.12 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32603 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID a8415256cc6f...

WordPress Elementor Website Builder Plugin <= 3.13.1 is vulnerable to Broken Access Control

Software Elementor Website Builder Type Plugin Vulnerable versions = 3.13.1 Fixed in 3.13.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Medium CVSS severity Medium 4.3 Developer Elementor PSID 95f606d4bd1b Credits N/A Required privilege...

WordPress Quick Page/Post Redirect Plugin <= 5.2.3 is vulnerable to Cross Site Scripting (XSS)

Software Quick Page/Post Redirect Type Plugin Vulnerable versions = 5.2.3 Fixed in 5.2.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25063 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 28b05154c93f Credits Justiice...

WordPress BuddyForms Plugin <= 2.8.1 is vulnerable to Cross Site Scripting (XSS)

Software BuddyForms Type Plugin Vulnerable versions = 2.8.1 Fixed in 2.8.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25981 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 00a2c7a49e64 Credits István Márton Required...

WordPress Locatoraid Store Locator Plugin <= 3.9.18 is vulnerable to Cross Site Scripting (XSS)

Software Locatoraid Store Locator Type Plugin Vulnerable versions = 3.9.18 Fixed in 3.9.19 OWASP Top 10 A5: Broken Access Control Classification Cross Site Scripting XSS CVE CVE-2023-32576 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 48ffad270d6d Credits Abdi...

WordPress 10Web Social Post Feed Plugin <= 1.2.8 is vulnerable to Cross Site Scripting (XSS)

Software 10Web Social Post Feed Type Plugin Vulnerable versions = 1.2.8 Fixed in 1.2.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 73c5db117428 Credits Unknown Required privileg...

WordPress Custom 404 Pro Plugin < 3.7.3 is vulnerable to Cross Site Scripting (XSS)

Software Custom 404 Pro Type Plugin Vulnerable versions 3.7.3 Fixed in 3.7.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2023 Patch priority High CVSS severity High 7.1 Developer Kunal Nagar PSID f5c6964d03e8 Credits Chien Vuong Required privileg...

WordPress Forget About Shortcode Buttons Plugin <= 2.1.2 is vulnerable to Broken Access Control

Software Forget About Shortcode Buttons Type Plugin Vulnerable versions = 2.1.2 Fixed in 2.1.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-32579 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 97c2cfa92f61 Credits István Márton...

WordPress WoodMart Theme <= 7.2.1 is vulnerable to Broken Access Control

Software WoodMart Type Theme Vulnerable versions = 7.2.1 Fixed in 7.2.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-32240 Patch priority Medium CVSS severity Medium 5.4 Developer Xtemos PSID b409a147912c Credits Dave Jong Patchstack Required privilege...

WordPress WP Reactions Lite Plugin <= 1.3.8 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP Reactions Lite Type Plugin Vulnerable versions = 1.3.8 Fixed in 1.3.9 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-32587 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID b436a9de7ad3 Credits István Márton...

WordPress Bookly Plugin <= 21.7.1 is vulnerable to Arbitrary File Deletion

Software Bookly Type Plugin Vulnerable versions = 21.7.1 Fixed in 21.8 OWASP Top 10 A5: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2023-26526 Patch priority Medium CVSS severity Medium 7.7 Developer Claim ownership PSID a06cfd6ac407 Credits Rafie Muhammad Patchstack...

WordPress Portfolio Gallery – Responsive Image Gallery Plugin <= 1.4.6 is vulnerable to Broken Access Control

Software Portfolio Gallery – Responsive Image Gallery Type Plugin Vulnerable versions = 1.4.6 Fixed in 1.4.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-32585 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 46edb5a7cfb0 Credit...

WordPress Dyslexiefont Free Plugin <= 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Dyslexiefont Free Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-32589 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID fb7c8442b1dc Credits Yash Kanchhal...

WordPress Slimstat Analytics Plugin <= 5.0.4 is vulnerable to Cross Site Scripting (XSS)

Software Slimstat Analytics Type Plugin Vulnerable versions = 5.0.4 Fixed in 5.0.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-45366 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7183b75ec323 Credits Rafie Muhammad...