WordPress YouTube Channel Plugin <= 3.0.12.1 is vulnerable to Broken Access Control

Software YouTube Channel Type Plugin Vulnerable versions = 3.0.12.1 Fixed in 3.23.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0447 Patch priority Medium CVSS severity Medium 4.3 Developer Aleksandar Urošević PSID 5cd4c6177416 Credits WordfenceTeam...

WordPress WP Tabs Plugin < 2.1.17 is vulnerable to Cross Site Scripting (XSS)

Software WP Tabs Type Plugin Vulnerable versions 2.1.17 Fixed in 2.1.17 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0071 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 477efeb39f0f Credits István Márton Required...

WordPress Post Grid, Post Carousel, & List Category Posts – by Smart Post Show Plugin < 2.3.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software Post Grid, Post Carousel, & List Category Posts – by Smart Post Show Type Plugin Vulnerable versions 2.3.5 Fixed in 2.3.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID...

WordPress Social Warfare Plugin <= 4.3.0 is vulnerable to Broken Access Control

Software Social Warfare Type Plugin Vulnerable versions = 4.3.0 Fixed in 4.4.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0402 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 18527265013d Credits Marco Wotschka Required...

WordPress GigPress Plugin <= 2.3.27 is vulnerable to Cross Site Scripting (XSS)

Software GigPress Type Plugin Vulnerable versions = 2.3.27 Fixed in 2.3.28 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 5602dcf35459 Credits WordfenceTeam Required privilege...

WordPress Video Sidebar Widgets Plugin <= 6.1 is vulnerable to Cross Site Scripting (XSS)

Software Video Sidebar Widgets Type Plugin Vulnerable versions = 6.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4785 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 2859d13481bb Credits István Márton...

WordPress Video.js – HTML5 Video Player for WordPress Plugin <= 4.5.0 is vulnerable to Cross Site Scripting (XSS)

Software Video.js – HTML5 Video Player for WordPress Type Plugin Vulnerable versions = 4.5.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4786 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 522c5fb94d76...

WordPress CC Child Pages Plugin < 1.43 is vulnerable to Cross Site Scripting (XSS)

Software CC Child Pages Type Plugin Vulnerable versions 1.43 Fixed in 1.43 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4776 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID a6bb713113e2 Credits Lana Codes Required...

WordPress Restaurant Menu – Food Ordering System – Table Reservation Plugin < 2.3.6 is vulnerable to Cross Site Scripting (XSS)

Software Restaurant Menu – Food Ordering System – Table Reservation Type Plugin Vulnerable versions 2.3.6 Fixed in 2.3.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4657 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSI...

WordPress Widgets for Google Reviews Plugin < 9.8 is vulnerable to Cross Site Scripting (XSS)

Software Widgets for Google Reviews Type Plugin Vulnerable versions 9.8 Fixed in 9.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4470 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 6ca77c2a5891 Credits Lana Codes...

WordPress My Tickets Plugin <= 1.9.10 is vulnerable to Cross Site Request Forgery (CSRF)

Software My Tickets Type Plugin Vulnerable versions = 1.9.10 Fixed in 1.9.11 OWASP Top 10 A8: Cross Site Request Forgery CSRF Classification Cross Site Request Forgery CSRF CVE N/A Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 3393f084dbba Credits WordfenceTeam Required...

WordPress Show-Hide / Collapse-Expand Plugin <= 1.2.5 is vulnerable to Broken Authentication

Software Show-Hide / Collapse-Expand Type Plugin Vulnerable versions = 1.2.5 Fixed in 1.3.0 OWASP Top 10 A5: Broken Access Control Classification Broken Authentication CVE N/A Patch priority High CVSS severity High 5.4 Developer Claim ownership PSID 11f0fb541e9a Credits N/A Required privilege...

WordPress WooCommerce Chained Products Plugin < 2.12.0 is vulnerable to Broken Access Control

Software WooCommerce Chained Products Type Plugin Vulnerable versions 2.12.0 Fixed in 2.12.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-4872 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID b129a8471653 Credits WPScan...

WordPress Themify Shortcodes Plugin < 2.0.8 is vulnerable to Cross Site Scripting (XSS)

Software Themify Shortcodes Type Plugin Vulnerable versions 2.0.8 Fixed in 2.0.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4787 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 25f866583e9e Credits István Márton...

WordPress Membership For WooCommerce Plugin < 2.1.7 is vulnerable to Arbitrary File Upload

Software Membership For WooCommerce Type Plugin Vulnerable versions 2.1.7 Fixed in 2.1.7 OWASP Top 10 A5: Broken Access Control Classification Arbitrary File Upload CVE CVE-2022-4395 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 0a53b711b376 Credits cydave Required...

WordPress Show-Hide / Collapse-Expand Plugin <= 1.2.5 is vulnerable to Cross Site Scripting (XSS)

Software Show-Hide / Collapse-Expand Type Plugin Vulnerable versions = 1.2.5 Fixed in 1.3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4829 Patch priority Medium CVSS severity Medium 6.4 Developer Claim ownership PSID a608bae568e8 Credits István...

WordPress CPT Bootstrap Carousel Plugin <= 1.12 is vulnerable to Cross Site Scripting (XSS)

Software CPT Bootstrap Carousel Type Plugin Vulnerable versions = 1.12 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4834 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 49016ec732ce Credits István Márton...

WordPress Survey Maker Plugin <= 3.1.3 is vulnerable to Cross Site Scripting (XSS)

Software Survey Maker Type Plugin Vulnerable versions = 3.1.3 Fixed in 3.1.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0038 Patch priority High CVSS severity High 7.2 Developer Claim ownership PSID 288687756ced Credits Chloe Chamberland Require...

WordPress PixCodes Plugin < 2.3.7 is vulnerable to Cross Site Scripting (XSS)

Software PixCodes Type Plugin Vulnerable versions 2.3.7 Fixed in 2.3.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4671 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 83d7d6cc74a4 Credits István Márton Required...

WordPress Blockonomics Plugin <= 3.5.7 is vulnerable to Cross Site Scripting (XSS)

Software Blockonomics Type Plugin Vulnerable versions = 3.5.7 Fixed in 3.5.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID a483f702894f Credits N/A Required privilege...