WordPress Use Memcached Plugin <= 1.0.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software Use Memcached Type Plugin Vulnerable versions = 1.0.5 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-41670 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 79bb635c7a5f Credits Nguyen Xuan Chien...

WordPress WP-dTree Plugin <= 4.4.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP-dTree Type Plugin Vulnerable versions = 4.4.5 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-41667 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID df2c2472ecf8 Credits LEE SE HYOUNG hackintoanetwo...

WordPress authLdap Plugin <= 2.6.0 is vulnerable to Cross Site Scripting (XSS)

Software authLdap Type Plugin Vulnerable versions = 2.6.0 Fixed in 2.6.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-41655 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 1c9c6ce8a2a5 Credits Rio Darmawan Required privileg...

WordPress WP Migration Plugin DB & Files – WP Synchro Plugin <= 1.9.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP Migration Plugin DB & Files – WP Synchro Type Plugin Vulnerable versions = 1.9.1 Fixed in 1.10.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-41660 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0d4cb791a23...

WordPress All-in-One WP Migration Dropbox Extension Plugin <= 3.75 is vulnerable to Broken Access Control

Software All-in-One WP Migration Dropbox Extension Type Plugin Vulnerable versions = 3.75 Fixed in 3.76 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-40004 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID 517b1424056f Credits Raf...

WordPress All-in-One WP Migration OneDrive Extension Plugin <= 1.66 is vulnerable to Broken Access Control

Software All-in-One WP Migration OneDrive Extension Type Plugin Vulnerable versions = 1.66 Fixed in 1.67 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-40004 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID 11686f7de85d Credits...

WordPress Happy Elementor Addons Pro Plugin <= 2.8.0 is vulnerable to Cross Site Scripting (XSS)

Software Happy Elementor Addons Pro Type Plugin Vulnerable versions = 2.8.0 Fixed in 2.8.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-41236 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1e3539666fdb Credits Rafie...

WordPress Folders Plugin <= 2.9.2 is vulnerable to Arbitrary File Upload

Software Folders Type Plugin Vulnerable versions = 2.9.2 Fixed in 2.9.3 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2023-40204 Patch priority Medium CVSS severity Medium 9.1 Developer Claim ownership PSID c5881308f6ec Credits Rafie Muhammad Patchstack Required privileg...

WordPress Elements kit Elementor addons Plugin <= 2.9.0 is vulnerable to Broken Access Control

Software Elements kit Elementor addons Type Plugin Vulnerable versions = 2.9.0 Fixed in 2.9.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-39993 Patch priority Low CVSS severity Low 4.3 Developer Wpmet PSID 73124e646248 Credits Rafie Muhammad Patchstack...

WordPress JupiterX Core Plugin <= 3.3.8 is vulnerable to Privilege Escalation

Software JupiterX Core Type Plugin Vulnerable versions = 3.3.8 Fixed in 3.4.3 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-38389 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID bb67776164d1 Credits Rafie...

WordPress DX-auto-save-images Plugin <= 1.4.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software DX-auto-save-images Type Plugin Vulnerable versions = 1.4.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-40671 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID dbea39d50672 Credits Skalucy Required...

WordPress Meta slider and carousel with lightbox Plugin <= 1.8.2 is vulnerable to Broken Access Control

Software Meta slider and carousel with lightbox Type Plugin Vulnerable versions = 1.8.2 Fixed in 1.8.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-40200 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 708ddfc78d3b Credits Abdi...

WordPress JupiterX Core Plugin 3.0.0-3.3.0 is vulnerable to Broken Access Control

Software JupiterX Core Type Plugin Vulnerable versions 3.0.0-3.3.0 Fixed in 3.3.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-38385 Patch priority Low CVSS severity Low 8.3 Developer Claim ownership PSID 202b642bd6d8 Credits Rafie Muhammad Patchstack...

WordPress Post Timeline Plugin <= 2.2.5 is vulnerable to Cross Site Scripting (XSS)

Software Post Timeline Type Plugin Vulnerable versions = 2.2.5 Fixed in 2.2.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4284 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 86a5f3c466ca Credits tnt24 Required...

WordPress Easy!Appointments Plugin <= 1.3.3 is vulnerable to Arbitrary File Deletion

Software Easy!Appointments Type Plugin Vulnerable versions = 1.3.3 Fixed in 1.4.0 OWASP Top 10 A5: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2023-32295 Patch priority High CVSS severity High 6.3 Developer Claim ownership PSID 8a50196a1675 Credits Jonas Höbenreich Requir...

WordPress Atarim Plugin <= 3.9.3 is vulnerable to Cross Site Scripting (XSS)

Software Atarim Type Plugin Vulnerable versions = 3.9.3 Fixed in 3.9.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-37393 Patch priority Medium CVSS severity Medium 7.1 Developer Atarim PSID bc406b115680 Credits Robert DeVore Required privilege Unauthenticated...

WordPress Avada Theme <= 7.11.1 is vulnerable to Arbitrary File Upload

Software Avada Type Theme Vulnerable versions = 7.11.1 Fixed in 7.11.2 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2023-39307 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 332539b4f8ac Credits Rafie Muhammad Patchstack Required privilege...

WordPress Avada Theme <= 7.11.1 is vulnerable to Server Side Request Forgery (SSRF)

Software Avada Type Theme Vulnerable versions = 7.11.1 Fixed in 7.11.2 OWASP Top 10 A1: Broken Access Control Classification Server Side Request Forgery SSRF CVE CVE-2023-39313 Patch priority Low CVSS severity Low 7.7 Developer Claim ownership PSID 8a9512654743 Credits Rafie Muhammad Patchstack...

WordPress Avada Theme <= 7.11.1 is vulnerable to Arbitrary File Upload

Software Avada Type Theme Vulnerable versions = 7.11.1 Fixed in 7.11.2 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2023-39312 Patch priority High CVSS severity High 9.1 Developer Claim ownership PSID 1d3152e6549b Credits Rafie Muhammad Patchstack Required privilege...

WordPress Fusion Builder Plugin <= 3.11.1 is vulnerable to Cross Site Scripting (XSS)

Software Fusion Builder Type Plugin Vulnerable versions = 3.11.1 Fixed in 3.11.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-39306 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID bdcd9585d35e Credits Rafie Muhammad Patchstack...