WordPress Uncode Core Plugin <= 2.8.8 is vulnerable to Privilege Escalation
Software: Uncode Core; Type: Plugin; Vulnerable versions: <= 2.8.8; Fixed in: 2.8.9; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2023-51515; Patch priority: High; CVSS severity: High 8.8; PSID: cbf9fea3f077; Credits: Rafie...
WordPress Ocean Extra Plugin < 2.2.3 CSRF Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:oceanwp:oceanextra"; if description...
WordPress WP Mail Catcher Plugin <= 2.1.3 is vulnerable to SQL Injection
Software: WP Mail Catcher; Type: Plugin; Vulnerable versions: <= 2.1.3; Fixed in: 2.1.4; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2023-50844; Patch priority: Low; CVSS severity: Low 7.6; PSID: 8506292c33f5; Credits: Muhammad Daffa; Required privilege: Administrator...
WordPress Spectra - WordPress Gutenberg Blocks Plugin < 2.7.10 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:brainstormforce:spectra"; if description...
WordPress CURCY Plugin <= 2.2.0.1 is vulnerable to Cross Site Scripting (XSS)
Software: CURCY; Type: Plugin; Vulnerable versions: <= 2.2.0.1; Fixed in: 2.2.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-50831; Patch priority: Low; CVSS severity: Low 6.5; PSID: 5702a980d547; Credits: LVT-tholv2k; Required privilege: Contributor...
WordPress WP Go Maps Plugin < 9.0.28 is vulnerable to Cross Site Scripting (XSS)
Software: WP Go Maps; Type: Plugin; Vulnerable versions: < 9.0.28; Fixed in: 9.0.28; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-6627; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: WP Go Maps; PSID: 5fe45794e92f; Credits: Marc Montpas; Required...
WordPress GG Woo Feed for WooCommerce Plugin <= 1.2.4 is vulnerable to Broken Access Control
Software: GG Woo Feed for WooCommerce; Type: Plugin; Vulnerable versions: <= 1.2.4; Fixed in: 1.2.5; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-6638; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 2cec2849f3e7; Credits: István Márto...
WordPress SpeedyCache Plugin < 1.1.3 SSRF Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:softaculous:speedycache"; if description...
WordPress Releases Update 6.4.2 to Address Critical Remote Attack Vulnerability
WordPress has released version 6.4.2 with a patch for a critical security flaw that could be exploited by threat actors by combining it with another bug to execute arbitrary PHP code on vulnerable sites. "A remote code execution vulnerability that is not directly exploitable in core; however, the...
WordPress Cosmetsy Core Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)
Software: Cosmetsy Core; Type: Plugin; Vulnerable versions: <= 1.3.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-49839; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 77a58ba376e1; Credits: RE-ALTER; Required privilege...
WordPress Essential Addons for Elementor Pro Plugin < 5.4.9 CSRF Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpdeveloper:essentialaddonsforelementor"; if description...
WordPress Shortcoder Plugin <= 6.3 is vulnerable to Broken Access Control
Software: Shortcoder; Type: Plugin; Vulnerable versions: <= 6.3; Fixed in: 6.3.1; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-49849; Patch priority: Medium; CVSS severity: Medium 4.3; PSID: f8adf2be0194; Credits: Abdi Pranata; Required privileg...
WordPress Genesis Simple Love Plugin <= 2.0 is vulnerable to PHP Object Injection
Software: Genesis Simple Love; Type: Plugin; Vulnerable versions: <= 2.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2023-49772; Patch priority: High; CVSS severity: High 10; PSID: fa51f08cd8a2; Credits: Rafie Muhammad (Patchstack); Required...
WordPress WappPress Plugin <= 5.0.3 is vulnerable to Arbitrary File Upload
Software: WappPress; Type: Plugin; Vulnerable versions: <= 5.0.3; Fixed in: 6.0.0; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2023-49815; Patch priority: High; CVSS severity: High 10; PSID: 7f1643a48293; Credits: Rafie Muhammad (Patchstack); Required privilege...
WordPress Astra Pro Plugin <= 4.3.1 is vulnerable to Remote Code Execution (RCE)
Software: Astra Pro; Type: Plugin; Vulnerable versions: <= 4.3.1; Fixed in: 4.3.2; OWASP Top 10: A3: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2023-49830; Patch priority: Medium; CVSS severity: Medium 9.9; PSID: 4758946ebae8; Credits: Rafie Muhammad (Patchstack); Required...
WordPress Soledad Theme <= 8.4.1 is vulnerable to Cross Site Scripting (XSS)
Software: Soledad; Type: Theme; Vulnerable versions: <= 8.4.1; Fixed in: 8.4.2; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-49827; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 4415c6f5a085; Credits: Rafie Muhammad (Patchstack); Required...
WordPress WOOCS – WooCommerce Currency Switcher Plugin <= 1.4.1.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WOOCS – WooCommerce Currency Switcher; Type: Plugin; Vulnerable versions: <= 1.4.1.4; Fixed in: 1.4.1.5; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-49834; Patch priority: Low; CVSS severity: Low 5.4; PSID: dcb04c679c38...
WordPress Sayfa Sayaç Plugin <= 2.6 is vulnerable to SQL Injection
Software: Sayfa Sayaç; Type: Plugin; Vulnerable versions: <= 2.6; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2023-49776; Patch priority: High; CVSS severity: High 9.3; PSID: b5614af7ec8d; Credits: Rafie Muhammad (Patchstack); Required privilege...
WordPress NextGEN Gallery Plugin < 3.39 CSRF Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:imagely:nextgengallery"; if description...
WordPress EWWW Image Optimizer Plugin < 7.2.1 Information Disclosure Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ewww:imageoptimizer"; if description...