3797 matches found
WordPress Modula Image Gallery Plugin < 2.6.91 Broken Access Control Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
WordPress Inactive User Deleter Plugin <= 1.59 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Inactive User Deleter; Type: Plugin; Vulnerable versions: <= 1.59; Fixed in: 1.60; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-27424; Patch priority: Low; CVSS severity: Low (5.4); PSID: d63c45f14395; Credits: Mika; Required...
WordPress ChatBot Plugin <= 4.4.6 is vulnerable to PHP Object Injection
Software: ChatBot; Type: Plugin; Vulnerable versions: <= 4.4.6; Fixed in: 4.4.7; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2023-1650; Patch priority: High; CVSS severity: High (5.4); PSID: 84bd0e4874e7; Credits: Erwan LR; Required privilege: Unauthenticated...
WordPress Ninja Tables Plugin <= 4.3.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Ninja Tables; Type: Plugin; Vulnerable versions: <= 4.3.4; Fixed in: 4.3.5; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-47136; Patch priority: Low; CVSS severity: Low (4.3); PSID: 90c8d61f957e; Credits: Muhammad Daffa; Require...
WordPress Email posts to subscribers Plugin <= 6.2 is vulnerable to SQL Injection
Software: Email posts to subscribers; Type: Plugin; Vulnerable versions: <= 6.2; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2022-46818; Patch priority: High; CVSS severity: High (8.2); PSID: ac023e13840e; Credits: Le Ngoc Anh; Required privilege...
WordPress WP Custom Author URL Plugin < 1.0.5 is vulnerable to Cross Site Scripting (XSS)
Software: WP Custom Author URL; Type: Plugin; Vulnerable versions: < 1.0.5; Fixed in: 1.0.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-1614; Patch priority: Low; CVSS severity: Low (5.9); PSID: 759b597f5797; Credits: Shreya Pohekar; Requir...
WordPress Cloud Manager Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software: Cloud Manager; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0421; Patch priority: High; CVSS severity: High (7.1); PSID: e0814c8cc2bc; Credits: Shreya Pohekar; Required...
WordPress Educenter Theme <= 1.5.5 is vulnerable to Broken Access Control
Software: Educenter; Type: Theme; Vulnerable versions: <= 1.5.5; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-30480; Patch priority: Low; CVSS severity: Low (4.3); PSID: 5f9286f8d48f; Credits: Dave Jong Patchstack; Required privileg...
WordPress Events Made Easy Plugin <= 2.3.14 is vulnerable to SQL Injection
Software: Events Made Easy; Type: Plugin; Vulnerable versions: <= 2.3.14; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-28660; Patch priority: High; CVSS severity: High (8.5); PSID: b6f80ca22af2; Credits: Joshua Martinelle Tenable Research; Required...
WordPress InPost Gallery Plugin <= 2.1.4.1 is vulnerable to Cross Site Scripting (XSS)
Software: InPost Gallery; Type: Plugin; Vulnerable versions: <= 2.1.4.1; Fixed in: 2.1.4.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-28666; Patch priority: High; CVSS severity: High (7.1); PSID: a2e097871dba; Credits: Joshua Martinelle...
WordPress Steveas WP Live Chat Shoutbox Plugin <= 1.4.2 is vulnerable to Cross Site Scripting (XSS)
Software: Steveas WP Live Chat Shoutbox; Type: Plugin; Vulnerable versions: <= 1.4.2; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0899; Patch priority: High; CVSS severity: High (7.1); PSID: 96c9d942cc37; Credits: Simone...
WordPress Steveas WP Live Chat Shoutbox Plugin <= 1.4.2 is vulnerable to SQL Injection
Software: Steveas WP Live Chat Shoutbox; Type: Plugin; Vulnerable versions: <= 1.4.2; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-1020; Patch priority: High; CVSS severity: High (9.3); PSID: 176c8169feb6; Credits: Simone Onofri Donato Onofri; Required...
WordPress Spiffy Calendar Plugin <= 4.9.1 is vulnerable to SQL Injection
Software: Spiffy Calendar; Type: Plugin; Vulnerable versions: <= 4.9.1; Fixed in: 4.9.2; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2022-46859; Patch priority: High; CVSS severity: High (8.5); PSID: 127ff2924c25; Credits: Justiice; Required privilege: Subscriber; Publishe...
WordPress SEOPress Plugin <= 6.5.0.2 is vulnerable to PHP Object Injection
Software: SEOPress; Type: Plugin; Vulnerable versions: <= 6.5.0.2; Fixed in: 6.5.0.3; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2023-1669; Patch priority: Low; CVSS severity: Low (6.6); PSID: 045f095df46e; Credits: Nguyen Huu Do; Required privilege: Administrator...
Hackers Exploiting WordPress Elementor Pro Vulnerability: Millions of Sites at Risk!
Unknown threat actors are actively exploiting a recently patched security vulnerability in the Elementor Pro website builder plugin for WordPress. The flaw, described as a case of broken access control, impacts versions 3.11.6 and earlier. It was addressed by the plugin maintainers in version...
WordPress Order date time for WooCommerce Plugin <= 3.0.19 is vulnerable to Cross Site Scripting (XSS)
Software: Order date time for WooCommerce; Type: Plugin; Vulnerable versions: <= 3.0.19; Fixed in: 3.0.20; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-28991; Patch priority: Low; CVSS severity: Low (5.9); PSID: 7482ff6d1d87; Credits: Myung...
WordPress Affiliates Manager Plugin <= 2.9.20 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Affiliates Manager; Type: Plugin; Vulnerable versions: <= 2.9.20; Fixed in: 2.9.21; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-28986; Patch priority: Low; CVSS severity: Low (5.4); PSID: fc4c4d12d1a1; Credits: minhtuanact...
WordPress HappyFiles Pro Plugin <= 1.8.1 is vulnerable to Arbitrary File Deletion
Software: HappyFiles Pro; Type: Plugin; Vulnerable versions: <= 1.8.1; Fixed in: 1.8.2; OWASP Top 10: A5: Broken Access Control; Classification: Arbitrary File Deletion; CVE: CVE-2023-25446; Patch priority: High; CVSS severity: High (7.7); PSID: 9c01f634cec4; Credits: Dave Jong Patchstack...
WordPress HappyFiles Pro Plugin <= 1.8.1 is vulnerable to Broken Access Control
Software: HappyFiles Pro; Type: Plugin; Vulnerable versions: <= 1.8.1; Fixed in: 1.8.2; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-25445; Patch priority: Medium; CVSS severity: Medium (5.4); PSID: 518a5cea4b57; Credits: Dave Jong Patchstack...
WordPress real-estate-pro Plugin < 1.7.1 is vulnerable to Privilege Escalation
Software: real-estate-pro; Type: Plugin; Vulnerable versions: < 1.7.1; Fixed in: 1.7.1; OWASP Top 10: A5: Broken Access Control; Classification: Privilege Escalation; CVE: CVE-2020-36666; Patch priority: High; CVSS severity: High (8.8); PSID: a8f610e7b2fc; Credits: Omar Badran; Required privilege...