WordPress RevivePress Plugin < 1.5.3 is vulnerable to Cross Site Scripting (XSS)

Software RevivePress Type Plugin Vulnerable versions 1.5.3 Fixed in 1.5.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e19b58dc50bd Credits Rafie Muhammad Patchstack Required...

WordPress Guestofy – Restaurant Reservations Plugin, Room Planer, Reservation Form Plugin <= 2.2.4 is vulnerable to Cross Site Scripting (XSS)

Software Guestofy – Restaurant Reservations Plugin, Room Planer, Reservation Form Type Plugin Vulnerable versions = 2.2.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSI...

WordPress Nokke Theme < 1.2.4 is vulnerable to Cross Site Scripting (XSS)

Software Nokke Type Theme Vulnerable versions 1.2.4 Fixed in 1.2.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 801453b53dfc Credits Rafie Muhammad Patchstack Required privilege...

WordPress Integrate Automate – WordPress, WooCommerce & CF7 for IFTTT, Zapier, Automate.io other API glue Platforms. Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software Integrate Automate – WordPress, WooCommerce & CF7 for IFTTT, Zapier, Automate.io other API glue Platforms. Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium...

WordPress Funnelmentals Plugin <= 1.2.6 is vulnerable to Cross Site Scripting (XSS)

Software Funnelmentals Type Plugin Vulnerable versions = 1.2.6 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 19e49b3ef970 Credits Rafie Muhammad Patchstack Required...

WordPress New Order Notification Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Software New Order Notification Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f85602c77d34 Credits Rafie Muhammad Patchstack...

WordPress Checkout with Venmo on EDD Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software Checkout with Venmo on EDD Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 85fec6b4a1ab Credits Rafie Muhammad Patchstack...

WordPress GOAuth Plugin <= 2.20 is vulnerable to Cross Site Scripting (XSS)

Software GOAuth Type Plugin Vulnerable versions = 2.20 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1aeda2a1b24f Credits Rafie Muhammad Patchstack Required privilege...

WordPress HT Mega Plugin <= 2.2.0 is vulnerable to Privilege Escalation

Software HT Mega Type Plugin Vulnerable versions = 2.2.0 Fixed in 2.2.1 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-37999 Patch priority High CVSS severity High 9.8 Developer HTMega PSID bbe5238c947f Credits Rafie Muhammad Patchstac...

WordPress WPFunnels Plugin <= 2.7.16 is vulnerable to Cross Site Scripting (XSS)

Software WPFunnels Type Plugin Vulnerable versions = 2.7.16 Fixed in 2.7.17 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-37977 Patch priority Medium CVSS severity Medium 7.1 Developer WPFunnels Team PSID 5b27642361cb Credits LEE SE HYOUNG hackintoanetwork Requir...

WordPress Coming Soon Chop Chop Plugin <= 2.2.4 is vulnerable to Cross Site Scripting (XSS)

Software Coming Soon Chop Chop Type Plugin Vulnerable versions = 2.2.4 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-37893 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7a25fdf76e34 Credits Phd Required...

WordPress WooCommerce Warranty Requests Plugin <= 2.1.9 is vulnerable to Broken Access Control

Software WooCommerce Warranty Requests Type Plugin Vulnerable versions = 2.1.9 Fixed in 2.2.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-37870 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID a8cf2ee414a2 Credits Rafie Muhamma...

WordPress ARMember Plugin <= 4.0.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software ARMember Type Plugin Vulnerable versions = 4.0.5 Fixed in 4.0.6 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47424 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 7cdd5c04b280 Credits Cat Required privilege...

WordPress Booking Package Plugin <= 1.5.98 is vulnerable to Privilege Escalation

Software Booking Package Type Plugin Vulnerable versions = 1.5.98 Fixed in 1.5.99 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-37389 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 0ff1d9e379c0 Credits Rafie...

WordPress Premium Addons PRO Plugin <= 2.9.0 is vulnerable to Sensitive Data Exposure

Software Premium Addons PRO Type Plugin Vulnerable versions = 2.9.0 Fixed in 2.9.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-37868 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 61bc62d7d465 Credits Rafie Muhammad...

WordPress JetFormBuilder Plugin <= 3.0.8 is vulnerable to Privilege Escalation

Software JetFormBuilder Type Plugin Vulnerable versions = 3.0.8 Fixed in 3.0.9 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-37866 Patch priority Medium CVSS severity Medium 7.2 Developer Crocoblock PSID bb75400351be Credits Rafie...

WordPress Masteriyo - LMS Plugin < 1.6.8 is vulnerable to Sensitive Data Exposure

Software Masteriyo - LMS Type Plugin Vulnerable versions 1.6.8 Fixed in 1.6.8 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE N/A Patch priority Medium CVSS severity Medium 6.5 Developer Masteriyo PSID aef3f4a1c0c4 Credits Unknown Required privilege Subscriber...

WordPress User Registration Plugin <= 3.0.2 is vulnerable to Arbitrary File Upload

Software User Registration Type Plugin Vulnerable versions = 3.0.2 Fixed in 3.0.2.1 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-3342 Patch priority High CVSS severity High 9.9 Developer Masteriyo PSID 9e6954072452 Credits István Márton Required privilege Subscribe...

WordPress WP-Optimize Plugin < 3.2.13 is vulnerable to Cross Site Scripting (XSS)

Software WP-Optimize Type Plugin Vulnerable versions 3.2.13 Fixed in 3.2.13 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1119 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 74a58d2a57e4 Credits Paolo Elia Required...

WordPress Houzez CRM Plugin <= 1.3.4 is vulnerable to SQL Injection

Software Houzez CRM Type Plugin Vulnerable versions = 1.3.4 Fixed in 1.3.5 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-36529 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 5387270a680b Credits Dave Jong Patchstack Required privilege Subscriber...