WordPress Autoptimize Plugin < 3.1.7 is vulnerable to Cross Site Scripting (XSS)

Software Autoptimize Type Plugin Vulnerable versions 3.1.7 Fixed in 3.1.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2113 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 45f6a5c2bef1 Credits Juampa Rodríguez Required...

WordPress WP BrowserUpdate Plugin <= 4.4.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP BrowserUpdate Type Plugin Vulnerable versions = 4.4.1 Fixed in 4.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-31078 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ca8233546f51 Credits qilin99 Required...

WordPress Arconix Shortcodes Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS)

Software Arconix Shortcodes Type Plugin Vulnerable versions = 2.1.7 Fixed in 2.1.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23703 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a66cbc072f58 Credits István Márton Requir...

WordPress Forms Ada Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software Forms Ada Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-27613 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID e7150cfdbfda Credits Pavak Tiwari Required privilege...

WordPress Updraft Plugin <= 0.6.1 is vulnerable to Cross Site Scripting (XSS)

Software Updraft Type Plugin Vulnerable versions = 0.6.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-26530 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID bc1184571b44 Credits Nguyen Xuan Hoa Required...

WordPress Modal Dialog Plugin <= 3.5.14 is vulnerable to Cross Site Scripting (XSS)

Software Modal Dialog Type Plugin Vulnerable versions = 3.5.14 Fixed in 3.5.15 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-31071 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 29ef21377041 Credits LEE SE HYOUNG...

WordPress Display custom fields in the frontend – Post and User Profile Fields Plugin <= 1.2.0 is vulnerable to Broken Access Control

Software Display custom fields in the frontend – Post and User Profile Fields Type Plugin Vulnerable versions = 1.2.0 Fixed in 1.2.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-31073 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PS...

WordPress Woocommerce Email Report Plugin <= 2.4 is vulnerable to Cross Site Scripting (XSS)

Software Woocommerce Email Report Type Plugin Vulnerable versions = 2.4 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-27627 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 629859a93d95 Credits Yuki Haruma...

WordPress Easy Slider Revolution Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Software Easy Slider Revolution Type Plugin Vulnerable versions = 1.0.0 Fixed in 1.1.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-28622 Patch priority Medium CVSS severity Medium 5.9 Developer Claim ownership PSID e200bc473eac Credits Yuki Harum...

WordPress Clock In Portal- Staff & Attendance Management Plugin <= 2.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Clock In Portal- Staff & Attendance Management Type Plugin Vulnerable versions = 2.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-0763 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 460bee1676e1...

WordPress ChatBot Plugin <= 4.4.8 is vulnerable to Cross Site Scripting (XSS)

Software ChatBot Type Plugin Vulnerable versions = 4.4.8 Fixed in 4.4.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1651 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 0fe1f44f2072 Credits Erwan LR Required privilege...

WordPress Verified Reviews (Avis Vérifiés) Plugin <= 2.3.14 is vulnerable to Cross Site Scripting (XSS)

Software Verified Reviews Avis Vérifiés Type Plugin Vulnerable versions = 2.3.14 Fixed in 2.3.15 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23720 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 4bfd6109ebaa Credits yuyudh...

WordPress ChatBot Plugin <= 4.4.6 is vulnerable to PHP Object Injection

Software ChatBot Type Plugin Vulnerable versions = 4.4.6 Fixed in 4.4.7 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-1650 Patch priority High CVSS severity High 5.4 Developer Claim ownership PSID 84bd0e4874e7 Credits Erwan LR Required privilege Unauthenticated...

WordPress Album Gallery – WordPress Gallery Plugin <= 1.4.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software Album Gallery – WordPress Gallery Type Plugin Vulnerable versions = 1.4.9 Fixed in 1.5.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-23646 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 043c2f9c9d2e Credits...

WordPress WP Docs Plugin <= 1.9.8 is vulnerable to Broken Access Control

Software WP Docs Type Plugin Vulnerable versions = 1.9.8 Fixed in 1.9.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-30873 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 3a97e9d9d358 Credits István Márton Required privilege...

WordPress Continuous announcement scroller Plugin <= 13.0 is vulnerable to Cross Site Scripting (XSS)

Software Continuous announcement scroller Type Plugin Vulnerable versions = 13.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-46819 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 81d873d17d59 Credits Justiice...

WordPress Motors – Car Dealer & Classified Ads Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Motors – Car Dealer & Classified Ads Type Plugin Vulnerable versions = 1.4.4 Fixed in 1.4.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-38716 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 076e6b4c8854 Credit...

WordPress Table & Contact Form 7 Database – Tablesome Plugin < 1.0.9 is vulnerable to Cross Site Scripting (XSS)

Software Table & Contact Form 7 Database – Tablesome Type Plugin Vulnerable versions 1.0.9 Fixed in 1.0.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1890 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 33f0514f48a5...

WordPress vSlider Multi Image Slider for WordPress Plugin <= 4.1.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software vSlider Multi Image Slider for WordPress Type Plugin Vulnerable versions = 4.1.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-22672 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ebfb8daaae94...

WordPress Shortcode IMDB Plugin <= 6.0.8 is vulnerable to SQL Injection

Software Shortcode IMDB Type Plugin Vulnerable versions = 6.0.8 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2022-47432 Patch priority Low CVSS severity Low 6.7 Developer Claim ownership PSID 90dd9be6ea07 Credits minhtuanact Required privilege Administrator Publish...