WordPress WCFM Membership Plugin <= 2.10.0 is vulnerable to Broken Access Control

Software WCFM Membership Type Plugin Vulnerable versions = 2.10.0 Fixed in 2.10.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-4940 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID b80cebcdc2c4 Credits Chloe Chamberland Required...

WordPress Fancy Product Designer Plugin <= 4.6.9 is vulnerable to Broken Access Control

Software Fancy Product Designer Type Plugin Vulnerable versions = 4.6.9 Fixed in 4.7.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2021-4334 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 81f6208d4f4f Credits Ramuel Gall Required...

WordPress Fancy Product Designer Plugin <= 4.6.9 is vulnerable to Broken Access Control

Software Fancy Product Designer Type Plugin Vulnerable versions = 4.6.9 Fixed in 4.7.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2021-4335 Patch priority High CVSS severity High 6.3 Developer Claim ownership PSID b0afa15cabbe Credits Ramuel Gall Required...

WordPress WCFM Marketplace Plugin <= 3.4.11 is vulnerable to Broken Access Control

Software WCFM Marketplace Type Plugin Vulnerable versions = 3.4.11 Fixed in 3.4.12 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-4935 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID a8f99e67f24d Credits Chloe Chamberland Require...

WordPress YourChannel: Everything you want in a YouTube Plugin <= 1.2.3 is vulnerable to Broken Access Control

Software YourChannel: Everything you want in a YouTube Type Plugin Vulnerable versions = 1.2.3 Fixed in 1.2.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-1868 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID b65addd676af Credit...

WordPress Ajax Search Pro Plugin < 4.26.2 is vulnerable to Cross Site Scripting (XSS)

Software Ajax Search Pro Type Plugin Vulnerable versions 4.26.2 Fixed in 4.26.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1435 Patch priority High CVSS severity High 6.1 Developer Claim ownership PSID 019181a32a8a Credits Erwan LR Required...

WordPress Add User Role Plugin < 1.6.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software Add User Role Type Plugin Vulnerable versions 1.6.7 Fixed in 1.6.7 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-0820 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 7eb1f185c259 Credits dc11 Required privilege...

WordPress Welcome Bar Plugin <= 2.0.3 is vulnerable to Broken Access Control

Software Welcome Bar Type Plugin Vulnerable versions = 2.0.3 Fixed in 2.0.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 1616e8eeba7b Credits WordFence Required privilege Subscribe...

WordPress Product Enquiry for WooCommerce Plugin <= 2.2.12 is vulnerable to Cross Site Scripting (XSS)

Software Product Enquiry for WooCommerce Type Plugin Vulnerable versions = 2.2.12 Fixed in 2.2.13 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-29170 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID b43cae5ebb34 Credits Myung...

WordPress PropertyHive Plugin <= 1.5.46 is vulnerable to Cross Site Scripting (XSS)

Software PropertyHive Type Plugin Vulnerable versions = 1.5.46 Fixed in 1.5.47 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-29172 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1f09421dbd25 Credits minhtuanact Requir...

WordPress Conditional extra fees for woocommerce Plugin <= 1.0.96 is vulnerable to Cross Site Scripting (XSS)

Software Conditional extra fees for woocommerce Type Plugin Vulnerable versions = 1.0.96 Fixed in 1.0.97 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-29093 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 14551fbb2b7d Credit...

WordPress Easy Quiz Maker Plugin <= 1.5 is vulnerable to Cross Site Scripting (XSS)

Software Easy Quiz Maker Type Plugin Vulnerable versions = 1.5 Fixed in 2.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 43ad93965d09 Credits Unknown Required privilege...

WordPress Coupon Affiliates Plugin <= 5.4.3 is vulnerable to Cross Site Scripting (XSS)

Software Coupon Affiliates Type Plugin Vulnerable versions = 5.4.3 Fixed in 5.4.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-28992 Patch priority Medium CVSS severity Medium 7.1 Developer RelyWP PSID 3cc060340a7c Credits thiennv Required privile...

WordPress Really Simple Google Tag Manager Plugin <= 1.0.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software Really Simple Google Tag Manager Type Plugin Vulnerable versions = 1.0.6 Fixed in 1.0.7 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-23801 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0e8a9934df4f Credits...

WordPress Gift Vouchers Plugin <= 4.3.2 is vulnerable to SQL Injection

Software Gift Vouchers Type Plugin Vulnerable versions = 4.3.2 Fixed in 4.3.3 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-28662 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 00c7c58f5f8a Credits Joshua Martinelle Required privilege...

WordPress TF Random Numbers Plugin < 2.0.1 is vulnerable to Broken Access Control

Software TF Random Numbers Type Plugin Vulnerable versions 2.0.1 Fixed in 2.0.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0889 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 611153a666ff Credits dc11 Required privilege...

WordPress WP Meta SEO Plugin < 4.5.5 is vulnerable to Deserialization of untrusted data

Software WP Meta SEO Type Plugin Vulnerable versions 4.5.5 Fixed in 4.5.5 OWASP Top 10 A1: Injection Classification Deserialization of untrusted data CVE CVE-2023-1381 Patch priority Medium CVSS severity Medium 6.6 Developer Claim ownership PSID 9880ffba76ab Credits Alex Sanford Required privileg...

WordPress Viral Mag Theme <= 1.0.9 is vulnerable to Broken Authentication

Software Viral Mag Type Theme Vulnerable versions = 1.0.9 Fixed in 1.1.0 OWASP Top 10 A2: Broken Authentication Classification Broken Authentication CVE CVE-2023-28990 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID b28f73fc2c08 Credits Dave Jong Patchstack Required...

WordPress Zippy Plugin <= 1.6.1 is vulnerable to Sensitive Data Exposure

Software Zippy Type Plugin Vulnerable versions = 1.6.1 Fixed in 1.6.2 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-26533 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 652b24a2c5be Credits Junsu Yeo Required privilege...

WordPress Newsletter Plugin <= 7.6.8 is vulnerable to Cross Site Scripting (XSS)

Software Newsletter Type Plugin Vulnerable versions = 7.6.8 Fixed in 7.6.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 78a41f715fc6 Credits Unknown Required privilege...