WordPress Advanced Custom Fields PRO Plugin < 6.1.0 is vulnerable to PHP Object Injection

Software Advanced Custom Fields PRO Type Plugin Vulnerable versions 6.1.0 Fixed in 6.1.0 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-1196 Patch priority Medium CVSS severity Medium 4.9 Developer Claim ownership PSID 322be262bcd9 Credits Nguyen Huu Do Required...

WordPress WP Visitor Statistics (Real Time Traffic) Plugin < 6.9 is vulnerable to SQL Injection

Software WP Visitor Statistics Real Time Traffic Type Plugin Vulnerable versions 6.9 Fixed in 6.9 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0600 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 05f734351f7a Credits Trần Quốc Trường An Required...

WordPress Maintenance Switch Plugin <= 1.5.2 is vulnerable to Cross Site Scripting (XSS)

Software Maintenance Switch Type Plugin Vulnerable versions = 1.5.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-47590 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 56383f0b4655 Credits minhtuanact Required...

WordPress Depicter Slider Plugin <= 1.9.0 is vulnerable to Broken Access Control

Software Depicter Slider Type Plugin Vulnerable versions = 1.9.0 Fixed in 1.9.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-47176 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 539ee2ac709d Credits thiennv Required privilege...

WordPress Active Directory Integration / LDAP Integration Plugin < 4.1.1 is vulnerable to Sensitive Data Exposure

Software Active Directory Integration / LDAP Integration Type Plugin Vulnerable versions 4.1.1 Fixed in 4.1.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-0812 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 79df970a00a6...

WordPress LIQUID SPEECH BALLOON Plugin < 1.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software LIQUID SPEECH BALLOON Type Plugin Vulnerable versions 1.2 Fixed in 1.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-27889 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID b1811e420432 Credits Ryo Sato of BroadBa...

WordPress Zephyr Project Manager Plugin <= 3.3.9 is vulnerable to Open Redirection

Software Zephyr Project Manager Type Plugin Vulnerable versions = 3.3.9 Fixed in 3.3.91 OWASP Top 10 A6: Security Misconfiguration Classification Open Redirection CVE CVE-2023-31237 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID 0a67e197ec76 Credits Nguyen Xuan Chien...

WordPress WP Directory Kit Plugin <= 1.1.9 is vulnerable to Open Redirection

Software WP Directory Kit Type Plugin Vulnerable versions = 1.1.9 Fixed in 1.2.0 OWASP Top 10 A6: Security Misconfiguration Classification Open Redirection CVE CVE-2023-31229 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID e18f8bf074f1 Credits Nguyen Xuan Chien Required...

WordPress Orbit Fox by ThemeIsle Plugin < 2.10.24 is vulnerable to Server Side Request Forgery (SSRF)

Software Orbit Fox by ThemeIsle Type Plugin Vulnerable versions 2.10.24 Fixed in 2.10.24 OWASP Top 10 A3: Sensitive Data Exposure Classification Server Side Request Forgery SSRF CVE CVE-2023-2287 Patch priority Medium CVSS severity Medium 5.5 Developer Claim ownership PSID b60604d1a545 Credits Al...

WordPress Responsive Filterable Portfolio Plugin < 1.0.20 is vulnerable to Cross Site Scripting (XSS)

Software Responsive Filterable Portfolio Type Plugin Vulnerable versions 1.0.20 Fixed in 1.0.20 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2119 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID fdef3fcbfd28 Credits Marco...

WordPress Shield Security Plugin <= 17.0.17 is vulnerable to Broken Access Control

Software Shield Security Type Plugin Vulnerable versions = 17.0.17 Fixed in 17.0.18 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0993 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID a6f498e522a5 Credits Ramuel Gall Required...

WordPress Glaze Blog Lite Theme <= 1.1.4 is vulnerable to Cross Site Scripting (XSS)

Software Glaze Blog Lite Type Theme Vulnerable versions = 1.1.4 Fixed in 1.1.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-28687 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 0a07af531c50 Credits László Radnai Required...

WordPress Mocho Blog Theme <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)

Software Mocho Blog Type Theme Vulnerable versions = 1.0.4 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-27412 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 085597533752 Credits László Radnai Required...

WordPress Everest News Theme <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)

Software Everest News Type Theme Vulnerable versions = 1.1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-27421 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c15b03e345f4 Credits László Radnai Required...

WordPress Post Shortcode Plugin <= 2.0.9 is vulnerable to Cross Site Scripting (XSS)

Software Post Shortcode Type Plugin Vulnerable versions = 2.0.9 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0526 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 623dba0711b0 Credits István Márton Require...

WordPress WP Popups Plugin < 2.1.5.1 is vulnerable to Cross Site Scripting (XSS)

Software WP Popups Type Plugin Vulnerable versions 2.1.5.1 Fixed in 2.1.5.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1905 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 10bebf67691e Credits Erwan LR Required...

WordPress Mega Addons For WPBakery Page Builder Plugin <= 4.2.7 is vulnerable to Cross Site Scripting (XSS)

Software Mega Addons For WPBakery Page Builder Type Plugin Vulnerable versions = 4.2.7 Fixed in 4.3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0268 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID f4952c1a005f...

WordPress Customizer Export/Import Plugin < 0.9.6 is vulnerable to PHP Object Injection

Software Customizer Export/Import Type Plugin Vulnerable versions 0.9.6 Fixed in 0.9.6 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-1347 Patch priority Low CVSS severity Low 4.4 Developer Claim ownership PSID 014e99d7d277 Credits Nguyen Huu Do Required privilege...

WordPress Viable blog Theme <= 1.1.4 is vulnerable to Cross Site Scripting (XSS)

Software Viable blog Type Theme Vulnerable versions = 1.1.4 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-27419 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID bc9810b2a616 Credits László Radnai Required...

WordPress Membership Database Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software Membership Database Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0514 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID ffa2783bb32d Credits Shreya Pohekar Require...