3797 matches found
WordPress Zippy Plugin <= 1.6.5 is vulnerable to PHP Object Injection
Software: Zippy; Type: Plugin; Vulnerable versions: <= 1.6.5; Fixed in: 1.6.6; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2023-36381; Patch priority: Low; CVSS severity: Low 6.6; PSID: 06b21be6012c; Credits: Jeong Seong Ho; Required privilege: Author; Published 2...
WordPress Form Builder Plugin <= 1.9.9.0 is vulnerable to CSV Injection
Software: Form Builder; Type: Plugin; Vulnerable versions: <= 1.9.9.0; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: CSV Injection; CVE: CVE-2023-23796; Patch priority: Low; CVSS severity: Low 4.7; PSID: 2e9cd4b8cc95; Credits: Rafshanzani Suhada; Required privilege: Unauthenticate...
WordPress Gravity Forms Plugin < 2.7.5 is vulnerable to Cross Site Scripting (XSS)
Software: Gravity Forms; Type: Plugin; Vulnerable versions: < 2.7.5; Fixed in: 2.7.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-2701; Patch priority: High; CVSS severity: High 7.1; PSID: 17cbc85493b8; Credits: Fioravante Souza WPScan...
WordPress Lana Text to Image Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)
Software: Lana Text to Image; Type: Plugin; Vulnerable versions: <= 1.0.0; Fixed in: 1.1.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-3387; Patch priority: Medium; CVSS severity: Medium 6.4; PSID: 0d489ec1b616; Credits: István Márton...
WordPress Five Star Restaurant Reservations Plugin <= 2.6.7 is vulnerable to Cross Site Scripting (XSS)
Software: Five Star Restaurant Reservations; Type: Plugin; Vulnerable versions: <= 2.6.7; Fixed in: 2.6.8; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-34017; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 22f1573af085; Credits...
WordPress WP Directory Kit Plugin < 1.2.0 is vulnerable to Local File Inclusion
Software: WP Directory Kit; Type: Plugin; Vulnerable versions: < 1.2.0; Fixed in: 1.2.4; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2023-2278; Patch priority: High; CVSS severity: High 7.5; PSID: 5c152fb4dc7b; Credits: Lana Codes; Required privilege...
WordPress CF7 Google Sheets Connector Pro Plugin <= 2.3.5 is vulnerable to Cross Site Scripting (XSS)
Software: CF7 Google Sheets Connector Pro; Type: Plugin; Vulnerable versions: <= 2.3.5; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-2320; Patch priority: High; CVSS severity: High 7.1; PSID: 2600f79af18c; Credits: Erwan LR...
WordPress Ultimate Member Plugin <= 2.6.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Ultimate Member; Type: Plugin; Vulnerable versions: <= 2.6.0; Fixed in: 2.6.1; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-31216; Patch priority: Low; CVSS severity: Low 4.3; PSID: 08a533c99ec9; Credits: Nguyen Xuan Chien...
WordPress Greeklish-permalink Plugin <= 3.3 is vulnerable to Privilege Escalation
Software: Greeklish-permalink; Type: Plugin; Vulnerable versions: <= 3.3; Fixed in: N/A; OWASP Top 10: A2: Broken Authentication; Classification: Privilege Escalation; CVE: CVE-2023-2495; Patch priority: High; CVSS severity: High 6.5; PSID: fc7e9236dbd8; Credits: Jonas Höbenreich; Required...
WordPress WooCommerce PayPal Payments Plugin <= 2.0.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WooCommerce PayPal Payments; Type: Plugin; Vulnerable versions: <= 2.0.4; Fixed in: 2.0.5; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-35917; Patch priority: Low; CVSS severity: Low 4.3; PSID: 826365482c2a; Credits: Rafie...
WordPress WooCommerce Bulk Stock Management Plugin <= 2.2.33 is vulnerable to Cross Site Scripting (XSS)
Software: WooCommerce Bulk Stock Management; Type: Plugin; Vulnerable versions: <= 2.2.33; Fixed in: 2.2.34; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-35918; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 7a924d0ef14a; Credi...
WordPress Complianz Premium Plugin <= 6.4.6.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Complianz Premium; Type: Plugin; Vulnerable versions: <= 6.4.6.1; Fixed in: 6.4.7; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-33333; Patch priority: Low; CVSS severity: Low 7.1; PSID: d6646d9333a1; Credits: Rafie Muhammad...
WordPress Complianz – GDPR/CCPA Cookie Consent Plugin <= 6.4.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Complianz – GDPR/CCPA Cookie Consent; Type: Plugin; Vulnerable versions: <= 6.4.5; Fixed in: 6.4.6; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-34030; Patch priority: Low; CVSS severity: Low 6.5; PSID: a135bb16d42c; Credit...
Exploit for Cross-site Scripting in Advancedcustomfields Advanced_Custom_Fields
CVE-2023-30777 Proof of Concept PoC URL generator for...
Critical Security Vulnerability Discovered in WooCommerce Stripe Gateway Plugin
A security flaw has been uncovered in the WooCommerce Stripe Gateway WordPress plugin that could lead to the unauthorized disclosure of sensitive information. The flaw, tracked as CVE-2023-34000, impacts versions 7.4.0 and below. It was addressed by the plugin maintainers in version 7.4.1, which...
WordPress Directorist Plugin <= 7.5.4 is vulnerable to Arbitrary Content Deletion
Software: Directorist; Type: Plugin; Vulnerable versions: <= 7.5.4; Fixed in: 7.5.5; OWASP Top 10: A5: Broken Access Control; Classification: Arbitrary Content Deletion; CVE: CVE-2023-35052; Patch priority: Low; CVSS severity: Low 4.3; PSID: b65e2c5bf2dc; Credits: Rafshanzani Suhada; Required...
WordPress Metform Elementor Contact Form Builder Plugin <= 3.3.1 is vulnerable to Sensitive Data Exposure
Software: Metform Elementor Contact Form Builder; Type: Plugin; Vulnerable versions: <= 3.3.1; Fixed in: 3.3.2; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2023-0694; Patch priority: High; CVSS severity: High 6.5; Developer: Wpmet; PSID: 15806b79fbee; Credits: Ramuel Gall...
WordPress Tree Page View 1.6.7 Cross Site Scripting
Exploit Title: Tree Page View Plugin 1.6.7 - Cross Site Scripting XSS Google Dork: inurl:/wp-content/plugins/cms-tree-page-view/ Date: 2023-04-24 Exploit Author: LEE SE HYOUNG hackintoanetwork Vendor Homepage: https://wordpress.org/plugins/cms-tree-page-view/ Software Link:...
Tree Page View Plugin 1.6.7 - Cross Site Scripting Vulnerability
Exploit Title: Tree Page View Plugin 1.6.7 - Cross Site Scripting XSS Google Dork: inurl:/wp-content/plugins/cms-tree-page-view/ Exploit Author: LEE SE HYOUNG hackintoanetwork Vendor Homepage: https://wordpress.org/plugins/cms-tree-page-view/ Software Link:...
WordPress Page Builder with Image Map by AZEXO Plugin <= 1.27.133 is vulnerable to Broken Access Control
Software: Page Builder with Image Map by AZEXO; Type: Plugin; Vulnerable versions: <= 1.27.133; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-3053; Patch priority: Medium; CVSS severity: Medium 5.4; PSID: bcb4f38dcc4d; Credits...