3797 matches found
WordPress Essential Grid Plugin <= 3.1.0 is vulnerable to Cross Site Scripting (XSS)
Software: Essential Grid; Type: Plugin; Vulnerable versions: <= 3.1.0; Fixed in: 3.1.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2023-47684; Patch priority: High; CVSS severity: High 7.1; PSID: 0ab6025608bb; Credits: Rafie Muhammad Patchstack; Required...
WordPress WP User Frontend Plugin <= 3.6.5 is vulnerable to Privilege Escalation
Software: WP User Frontend; Type: Plugin; Vulnerable versions: <= 3.6.5; Fixed in: 3.6.6; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2023-47682; Patch priority: High; CVSS severity: High 7.2; PSID: 55cf1b7c7f7f; Credits: Rafie...
WordPress UpdraftPlus Plugin <= 1.23.10 is vulnerable to Cross Site Request Forgery (CSRF)
Software: UpdraftPlus; Type: Plugin; Vulnerable versions: <= 1.23.10; Fixed in: 1.23.11; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2023-5982; Patch priority: Low; CVSS severity: Low 4.3; PSID: ef8f3eafdf9f; Credits: Nicolas Decayeux...
WordPress BadgeOS Plugin <= 3.7.1.6 is vulnerable to Broken Access Control
Software: BadgeOS; Type: Plugin; Vulnerable versions: <= 3.7.1.6; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-47647; Patch priority: Low; CVSS severity: Low 4.3; PSID: 662abc807ad6; Credits: Elliot; Required privilege: Subscriber...
WordPress Q2W3 Post Order Plugin <= 1.2.8 is vulnerable to Cross Site Scripting (XSS)
Software: Q2W3 Post Order; Type: Plugin; Vulnerable versions: <= 1.2.8; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-47521; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: cb5de227d10d; Credits: Le Ngoc Anh; Require...
WordPress Garden Gnome Package Plugin <= 2.2.8 is vulnerable to Cross Site Scripting (XSS)
Software: Garden Gnome Package; Type: Plugin; Vulnerable versions: <= 2.2.8; Fixed in: 2.2.9; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-5664; Patch priority: Low; CVSS severity: Low 6.5; PSID: 790dcd0a5adc; Credits: Lana Codes; Required...
WordPress Master Slider Pro Plugin <= 3.6.5 is vulnerable to Cross Site Scripting (XSS)
Software: Master Slider Pro; Type: Plugin; Vulnerable versions: <= 3.6.5; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2023-47508; Patch priority: High; CVSS severity: High 7.1; PSID: 7401df79a69d; Credits: Rafie Muhammad Patchstack; Required...
WordPress Master Slider Pro Plugin <= 3.6.5 is vulnerable to SQL Injection
Software: Master Slider Pro; Type: Plugin; Vulnerable versions: <= 3.6.5; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2023-47506; Patch priority: High; CVSS severity: High 7.6; PSID: c8ae4f7ba318; Credits: Rafie Muhammad Patchstack; Required privilege...
WordPress Email Templates Plugin <= 1.4.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Email Templates; Type: Plugin; Vulnerable versions: <= 1.4.2; Fixed in: 1.4.3; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2022-47181; Patch priority: Low; CVSS severity: Low 4.3; PSID: 7902f9015dbc; Credits: Cat; Required...
WordPress ShortCodes UI Plugin <= 1.9.8 is vulnerable to Cross Site Scripting (XSS)
Software: ShortCodes UI; Type: Plugin; Vulnerable versions: <= 1.9.8; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-47231; Patch priority: Low; CVSS severity: Low 6.5; PSID: 1d2b471bd5be; Credits: Abdi Pranata; Required...
WordPress Kadence WooCommerce Email Designer Plugin <= 1.5.11 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Kadence WooCommerce Email Designer; Type: Plugin; Vulnerable versions: <= 1.5.11; Fixed in: 1.5.12; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2023-47186; Patch priority: Low; CVSS severity: Low 4.3; PSID: d7f0bae8b697; Credit...
WordPress WP fade in text news Plugin <= 12.0 is vulnerable to SQL Injection
Software: WP fade in text news; Type: Plugin; Vulnerable versions: <= 12.0; Fixed in: 12.1; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-5437; Patch priority: Low; CVSS severity: Low 8.5; PSID: fa9eab877745; Credits: István Márton; Required privilege: Contributor...
WordPress Message ticker Plugin <= 9.2 is vulnerable to SQL Injection
Software: Message ticker; Type: Plugin; Vulnerable versions: <= 9.2; Fixed in: 9.3; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-5433; Patch priority: Low; CVSS severity: Low 8.5; PSID: 7c80f52b28f8; Credits: István Márton; Required privilege: Contributor; Published ...
WordPress Superb slideshow gallery Plugin <= 13.1 is vulnerable to SQL Injection
Software: Superb slideshow gallery; Type: Plugin; Vulnerable versions: <= 13.1; Fixed in: 13.2; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-5434; Patch priority: Low; CVSS severity: Low 8.5; PSID: 2f0f3b992f7b; Credits: István Márton; Required privilege: Contributo...
WordPress Left right image slideshow gallery Plugin <= 12.0 is vulnerable to SQL Injection
Software: Left right image slideshow gallery; Type: Plugin; Vulnerable versions: <= 12.0; Fixed in: 12.1; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-5431; Patch priority: Low; CVSS severity: Low 8.5; PSID: a8ec43c6fd5b; Credits: István Márton; Required privilege...
WordPress Pre-Orders for WooCommerce Plugin <= 1.2.13 is vulnerable to Cross Site Scripting (XSS)
Software: Pre-Orders for WooCommerce; Type: Plugin; Vulnerable versions: <= 1.2.13; Fixed in: 1.2.14; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2023-46783; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Bright Plugins; PSID: 2af48c0b751e; Credits: Khalid Yusuf; Require...
WordPress Custom My Account for Woocommerce Plugin <= 2.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Custom My Account for Woocommerce; Type: Plugin; Vulnerable versions: <= 2.1; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2023-46634; Patch priority: Low; CVSS severity: Low 7.1; PSID: 57a74cf6a7e6; Credits: qilin...
WordPress YITH WooCommerce Product Add-Ons Plugin <= 4.2.0 is vulnerable to Broken Access Control
Software: YITH WooCommerce Product Add-Ons; Type: Plugin; Vulnerable versions: <= 4.2.0; Fixed in: 4.2.1; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-46635; Patch priority: Medium; CVSS severity: Medium 5.3; Developer: YITH; PSID: e6f126f82710; Credits: Elliot; Required...
WordPress WP EXtra Plugin <= 6.2 is vulnerable to Remote Code Execution (RCE)
Software: WP EXtra; Type: Plugin; Vulnerable versions: <= 6.2; Fixed in: 6.3; OWASP Top 10: A3: Injection; Classification: Remote Code Execution RCE; CVE: CVE-2023-46623; Patch priority: High; CVSS severity: High 9.9; PSID: 4dd4ccde8243; Credits: TP Cyber Security; Required privilege: Subscribe...
WordPress Smart Online Order for Clover Plugin <= 1.5.4 is vulnerable to Cross Site Scripting (XSS)
Software: Smart Online Order for Clover; Type: Plugin; Vulnerable versions: <= 1.5.4; Fixed in: 1.5.5; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-46312; Patch priority: High; CVSS severity: High 7.1; Developer: Zaytech; PSID: 99ef88d7e47d; Credits: thiennv; Require...