WordPress Parallax Image Plugin <= 1.7.1 is vulnerable to Cross Site Scripting (XSS)

Software Parallax Image Type Plugin Vulnerable versions = 1.7.1 Fixed in 1.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-47854 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 03c7e3341e44 Credits resecured.io Required privilege Contribut...

WordPress Perfmatters Plugin <= 2.1.6 is vulnerable to Broken Access Control

Software Perfmatters Type Plugin Vulnerable versions = 2.1.6 Fixed in 2.1.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-47874 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID b2fde2f095d3 Credits Dave Jong Patchstack Requir...

WordPress WP Githuber MD Plugin <= 1.16.2 is vulnerable to Arbitrary File Upload

Software WP Githuber MD Type Plugin Vulnerable versions = 1.16.2 Fixed in 1.16.3 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2023-47846 Patch priority Medium CVSS severity Medium 9.1 Developer Claim ownership PSID b732ced6291a Credits Rafie Muhammad Patchstack Required...

WordPress BlossomThemes Email Newsletter Plugin <= 2.2.4 is vulnerable to Broken Access Control

Software BlossomThemes Email Newsletter Type Plugin Vulnerable versions = 2.2.4 Fixed in 2.2.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-47849 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 051053384c38 Credits Abdi...

WordPress wpMandrill Plugin <= 1.33 is vulnerable to Broken Access Control

Software wpMandrill Type Plugin Vulnerable versions = 1.33 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-47828 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ca3867a3ec02 Credits Abdi Pranata Required privilege...

WordPress Shortcodes and extra features for Phlox theme Plugin <= 2.14.0 is vulnerable to Local File Inclusion

Software Shortcodes and extra features for Phlox theme Type Plugin Vulnerable versions = 2.14.0 Fixed in 2.15.0 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2023-37888 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID 2ea7a20d00de Credits Rafie...

WordPress Jetpack Plugin < 12.7 is vulnerable to Clickjacking

Software Jetpack Type Plugin Vulnerable versions 12.7 Fixed in 12.7 OWASP Top 10 A3: Injection Classification Clickjacking CVE CVE-2023-47774 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 18fefcc21cac Credits Rafie Muhammad Patchstack Required privilege Contributor...

WordPress Charitable Plugin <= 1.7.0.13 is vulnerable to Cross Site Scripting (XSS)

Software Charitable Type Plugin Vulnerable versions = 1.7.0.13 Fixed in 1.7.0.14 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-47816 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 00dfa7559152 Credits Ngô Thiên An ancorn from VNPT-VCI...

WordPress Namaste! LMS Plugin <= 2.6.1.1 is vulnerable to Cross Site Scripting (XSS)

Software Namaste! LMS Type Plugin Vulnerable versions = 2.6.1.1 Fixed in 2.6.1.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4602 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 31640ca97ff3 Credits Vincenzo Turturro...

WordPress Elementor Addon Elements Plugin <= 1.12.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software Elementor Addon Elements Type Plugin Vulnerable versions = 1.12.7 Fixed in 1.12.8 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-4690 Patch priority Low CVSS severity Low 4.3 Developer WPVibes PSID 4fc8bb67050e Credits WordFence Require...

WordPress Jetpack Plugin <= 12.8-a.1 is vulnerable to Cross Site Scripting (XSS)

Software Jetpack Type Plugin Vulnerable versions = 12.8-a.1 Fixed in 12.8-a.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-45050 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8bdf519cb2b8 Credits Rafie Muhammad Patchstack Required...

WordPress Phlox Shop Plugin <= 2.0.0 is vulnerable to Local File Inclusion

Software Phlox Shop Type Plugin Vulnerable versions = 2.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2023-39163 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID 2e21185d83c1 Credits Rafie Muhammad Patchstack Required privilege...

WordPress Slider Revolution Plugin <= 6.6.15 is vulnerable to Arbitrary File Upload

Software Slider Revolution Type Plugin Vulnerable versions = 6.6.15 Fixed in 6.6.16 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2023-47784 Patch priority Low CVSS severity Low 8.4 Developer ThemePunch PSID 92c233355a76 Credits Rafie Muhammad Patchstack Required privile...

WordPress Pz-LinkCard Plugin <= 2.5.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Pz-LinkCard Type Plugin Vulnerable versions = 2.5.2 Fixed in 2.5.3 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-47790 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1f315cc56e29 Credits Le Ngoc Anh...

WordPress Thrive Theme Builder Theme < 3.24.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Thrive Theme Builder Type Theme Vulnerable versions 3.24.2 Fixed in 3.24.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-47781 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID adbf55b004a2 Credits Rafie Muhammad...

WordPress BetterDocs Plugin <= 2.5.2 is vulnerable to Broken Access Control

Software BetterDocs Type Plugin Vulnerable versions = 2.5.2 Fixed in 2.5.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-47762 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID a29f1668c541 Credits Abdi Pranata Required...

WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) Plugin <= 7.6.6 is vulnerable to Privilege Escalation

Software WordPress Social Login and Register Discord, Google, Twitter, LinkedIn Type Plugin Vulnerable versions = 7.6.6 Fixed in 7.6.7 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-47683 Patch priority High CVSS severity High 8...

WordPress Mini Cart Drawer For WooCommerce Plugin <= 4.0.0 is vulnerable to Broken Access Control

Software Mini Cart Drawer For WooCommerce Type Plugin Vulnerable versions = 4.0.0 Fixed in 4.0.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-47694 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID d5e11a29b0ee Credits Abdi Pranata...

WordPress Qi Addons For Elementor Plugin <= 1.6.4 is vulnerable to Cross Site Scripting (XSS)

Software Qi Addons For Elementor Type Plugin Vulnerable versions = 1.6.4 Fixed in 1.6.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-47680 Patch priority Low CVSS severity Low 6.5 Developer Qode Interactive PSID dee29da77c21 Credits Rafie Muhammad...

WordPress Preloader Matrix Plugin <= 2.0.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Preloader Matrix Type Plugin Vulnerable versions = 2.0.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-47685 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 500447b9268e Credits Skalucy Required...