WordPress Urvanov Syntax Highlighter Plugin <= 2.8.33 is vulnerable to Cross Site Request Forgery (CSRF)

Software Urvanov Syntax Highlighter Type Plugin Vulnerable versions = 2.8.33 Fixed in 2.8.34 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-45106 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 73e06e46354c Credits Mika...

WordPress Booster for WooCommerce Plugin <= 7.1.1 is vulnerable to Sensitive Data Exposure

Software Booster for WooCommerce Type Plugin Vulnerable versions = 7.1.1 Fixed in 7.1.2 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2023-40002 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 565c06f4723d Credits Dave Jong...

WordPress Seriously Simple Stats Plugin <= 1.5.0 is vulnerable to SQL Injection

Software Seriously Simple Stats Type Plugin Vulnerable versions = 1.5.0 Fixed in 1.5.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-45001 Patch priority Low CVSS severity Low 8.5 Developer Castos PSID 84cb56be8542 Credits Rafie Muhammad Patchstack Required privilege Podcas...

WordPress AmpedSense – AdSense Split Tester Plugin <= 4.68 is vulnerable to Cross Site Scripting (XSS)

Software AmpedSense – AdSense Split Tester Type Plugin Vulnerable versions = 4.68 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25476 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7e14cb3c2001 Credits...

WordPress Seriously Simple Stats Plugin <= 1.5.1 is vulnerable to Cross Site Scripting (XSS)

Software Seriously Simple Stats Type Plugin Vulnerable versions = 1.5.1 Fixed in 1.5.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-45005 Patch priority Medium CVSS severity Medium 7.1 Developer Castos PSID 48b02f9f86c3 Credits Rafie Muhammad...

WordPress Bulk NoIndex & NoFollow Toolkit Plugin <= 1.42 is vulnerable to Cross Site Scripting (XSS)

Software Bulk NoIndex & NoFollow Toolkit Type Plugin Vulnerable versions = 1.42 Fixed in 1.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-45065 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID bb820b4a4cd3 Credits Phd...

WordPress Social proof testimonials and reviews by Repuso Plugin <= 5.01 is vulnerable to Cross Site Request Forgery (CSRF)

Software Social proof testimonials and reviews by Repuso Type Plugin Vulnerable versions = 5.01 Fixed in 5.02 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-45048 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID f56e0249a9...

WordPress Abandoned Cart Lite for WooCommerce Plugin <= 5.15.2 is vulnerable to Cross Site Scripting (XSS)

Software Abandoned Cart Lite for WooCommerce Type Plugin Vulnerable versions = 5.15.2 Fixed in 5.16.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-44986 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 3d15bd807ee2 Credits Robert DeVore...

WordPress Import XML and RSS Feeds Plugin < 2.1.4 is vulnerable to Arbitrary File Upload

Software Import XML and RSS Feeds Type Plugin Vulnerable versions 2.1.4 Fixed in 2.1.4 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-4300 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID c89e25140dca Credits Jonatas Souza Villa Flor Required...

WordPress wpDiscuz Plugin < 7.6.6 is vulnerable to SQL Injection

Software wpDiscuz Type Plugin Vulnerable versions 7.6.6 Fixed in 7.6.6 OWASP Top 10 A1: Injection Classification SQL Injection CVE N/A Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID fcbd1df4be98 Credits Unknown Required privilege Unauthenticated Published 19 September,...

WordPress Essential Addons for Elementor Plugin <= 5.8.8 is vulnerable to Privilege Escalation

Software Essential Addons for Elementor Type Plugin Vulnerable versions = 5.8.8 Fixed in 5.8.9 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-41955 Patch priority High CVSS severity High 8.8 Developer WPDeveloper PSID 80be75758179...

WordPress Login with phone number Plugin <= 1.5.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software Login with phone number Type Plugin Vulnerable versions = 1.5.6 Fixed in 1.5.7 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-4916 Patch priority Low CVSS severity Low 8.8 Developer Hamid Alinia PSID af13ecc92bb0 Credits Lana Codes...

WordPress ProfilePress Plugin <= 4.13.1 is vulnerable to Privilege Escalation

Software ProfilePress Type Plugin Vulnerable versions = 4.13.1 Fixed in 4.13.2 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-41954 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID d5c79c2dbd22 Credits Revan...

WordPress Flatsome Theme <= 3.17.5 is vulnerable to PHP Object Injection

Software Flatsome Type Theme Vulnerable versions = 3.17.5 Fixed in 3.17.6 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2023-40555 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID 0472344ea36e Credits Rafie Muhammad Patchstack Required privilege...

WordPress Premium Starter Templates Plugin <= 3.2.4 is vulnerable to Server Side Request Forgery (SSRF)

Software Premium Starter Templates Type Plugin Vulnerable versions = 3.2.4 Fixed in 3.2.5 OWASP Top 10 A5: Broken Access Control Classification Server Side Request Forgery SSRF CVE CVE-2023-41804 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 95875b60baf4 Credits Rafie...

WordPress Outbound Link Manager Plugin <= 1.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Outbound Link Manager Type Plugin Vulnerable versions = 1.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-41850 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c95f0f1dc27b Credits Rio Darmawan...

WordPress RSVPMarker Plugin <= 10.6.6 is vulnerable to Remote Code Execution (RCE)

Software RSVPMarker Type Plugin Vulnerable versions = 10.6.6 Fixed in 10.6.7 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-25054 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 8f0ff34720aa Credits Ravi Dharmawan Required privilege...

WordPress WP iCal Availability Plugin <= 1.0.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP iCal Availability Type Plugin Vulnerable versions = 1.0.3 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-41853 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ada00f9a3353 Credits Mika Required...

WordPress Starter Templates Plugin <= 3.2.4 is vulnerable to Server Side Request Forgery (SSRF)

Software Starter Templates Type Plugin Vulnerable versions = 3.2.4 Fixed in 3.2.5 OWASP Top 10 A5: Broken Access Control Classification Server Side Request Forgery SSRF CVE CVE-2023-41804 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 9a3308ad9975 Credits Rafie Muhammad...

WordPress WP Accessibility Helper (WAH) Plugin <= 0.6.2.4 is vulnerable to Broken Access Control

Software WP Accessibility Helper WAH Type Plugin Vulnerable versions = 0.6.2.4 Fixed in 0.6.2.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-41869 Patch priority Low CVSS severity Low 4.3 Developer Alexander Volkov PSID e746c281667d Credits thiennv...