WordPress Zyrex Popup Plugin <= 1.0 is vulnerable to Arbitrary File Upload

Software Zyrex Popup Type Plugin Vulnerable versions = 1.0 Fixed in 1.1 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-0924 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID 902b3bcce78c Credits Yogesh Verma Required privilege Administrator...

WordPress Simple Giveaways Plugin < 2.45.1 is vulnerable to Cross Site Scripting (XSS)

Software Simple Giveaways Type Plugin Vulnerable versions 2.45.1 Fixed in 2.45.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1122 Patch priority Medium CVSS severity Medium 5.9 Developer Claim ownership PSID 8adf4cd8d10f Credits Varun Required...

WordPress Simple Giveaways Plugin < 2.45.1 is vulnerable to Cross Site Scripting (XSS)

Software Simple Giveaways Type Plugin Vulnerable versions 2.45.1 Fixed in 2.45.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1120 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 3822ab339f6d Credits ipatelsumit Required...

WordPress WP Tiles Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS)

Software WP Tiles Type Plugin Vulnerable versions = 1.1.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4827 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 7153516c9060 Credits Lana Codes Required privile...

WordPress Klaviyo Plugin <= 3.0.10 is vulnerable to Cross Site Scripting (XSS)

Software Klaviyo Type Plugin Vulnerable versions = 3.0.10 Fixed in 3.0.11 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0874 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 9cbb77409b1f Credits Rafshanzani Suhada Required...

WordPress Stylish Cost Calculator Premium Plugin < 7.9.0 is vulnerable to Cross Site Scripting (XSS)

Software Stylish Cost Calculator Premium Type Plugin Vulnerable versions 7.9.0 Fixed in 7.9.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0983 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 344803b43355 Credits Flaviu...

WordPress Hummingbird Plugin < 3.4.2 is vulnerable to Path Traversal

Software Hummingbird Type Plugin Vulnerable versions 3.4.2 Fixed in 3.4.2 OWASP Top 10 A3: Sensitive Data Exposure Classification Path Traversal CVE CVE-2023-1478 Patch priority High CVSS severity High 8.6 Developer WPMU DEV PSID 237afa7a6db1 Credits Karol Mazurek AFINE Required privilege...

WordPress FluentForm Plugin < 4.3.25 is vulnerable to Cross Site Scripting (XSS)

Software FluentForm Type Plugin Vulnerable versions 4.3.25 Fixed in 4.3.25 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0546 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 479c93086620 Credits Vaibhav Rajput Required...

WordPress WP Data Access Plugin <= 5.3.7 is vulnerable to Broken Access Control

Software WP Data Access Type Plugin Vulnerable versions = 5.3.7 Fixed in 5.3.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-1874 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID d34193572ac0 Credits Chloe Chamberland Required...

WordPress Formidable Forms Plugin <= 6.1.2 is vulnerable to PHP Object Injection

Software Formidable Forms Type Plugin Vulnerable versions = 6.1.2 Fixed in 6.2 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-1405 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID e0f1ba3999f1 Credits Nguyen Huu Do Required privilege...

WordPress TheRoof Theme <= 1.0.3 is vulnerable to Cross Site Scripting (XSS)

Software TheRoof Type Theme Vulnerable versions = 1.0.3 Fixed in 1.0.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-29430 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID a30310c483cd Credits RE-ALTER Required privilege...

WordPress Amelia Plugin <= 1.0.75 is vulnerable to Cross Site Scripting (XSS)

Software Amelia Type Plugin Vulnerable versions = 1.0.75 Fixed in 1.0.76 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-29427 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5784c15e5a5a Credits minhtuanact Required...

WordPress The7 Theme <= 11.6.0 is vulnerable to Cross Site Scripting (XSS)

Software The7 Type Theme Vulnerable versions = 11.6.0 Fixed in 11.6.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-29100 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 24f83da1f799 Credits Rafie Muhammad Patchstack...

WordPress WCFM Membership Plugin <= 2.10.0 is vulnerable to Privilege Escalation

Software WCFM Membership Type Plugin Vulnerable versions = 2.10.0 Fixed in 2.10.1 OWASP Top 10 A5: Broken Access Control Classification Privilege Escalation CVE CVE-2022-4939 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID d39bb3379dad Credits Chloe Chamberland Required...

WordPress WCFM – Frontend Manager for WooCommerce Plugin 6.6.0 is vulnerable to Broken Access Control

Software WCFM – Frontend Manager for WooCommerce Type Plugin Vulnerable versions 6.6.0 Fixed in 6.6.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-4937 Patch priority High CVSS severity High 6.3 Developer Claim ownership PSID 5a74a2e3561b Credits Chloe...

WordPress Transbank Webpay REST Plugin <= 1.6.6 is vulnerable to SQL Injection

Software Transbank Webpay REST Type Plugin Vulnerable versions = 1.6.6 Fixed in 1.6.7 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-27610 Patch priority Low CVSS severity Low 5.5 Developer Claim ownership PSID d271398a2afa Credits Mika Required privilege Administrator...

WordPress Health Check & Troubleshooting Plugin <= 1.5.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Health Check & Troubleshooting Type Plugin Vulnerable versions = 1.5.1 Fixed in 1.6.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47161 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4168e86a07d1 Credits...

WordPress Connections Business Directory Plugin <= 10.4.36 is vulnerable to Cross Site Scripting (XSS)

Software Connections Business Directory Type Plugin Vulnerable versions = 10.4.36 Fixed in 10.4.37 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-29437 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 584ffff6397a Credits...

WordPress WCFM Marketplace Plugin <= 3.4.12 is vulnerable to Cross Site Request Forgery (CSRF)

Software WCFM Marketplace Type Plugin Vulnerable versions = 3.4.12 Fixed in 3.5.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-4936 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 13c6dc4f50f8 Credits Chloe Chamberland...

WordPress Fancy Product Designer Plugin <= 4.6.9 is vulnerable to Broken Access Control

Software Fancy Product Designer Type Plugin Vulnerable versions = 4.6.9 Fixed in 4.7.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2021-4334 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 81f6208d4f4f Credits Ramuel Gall Required...