WordPress Advanced Dynamic Pricing for WooCommerce Plugin <= 4.1.5 is vulnerable to Broken Access Control
Software: Advanced Dynamic Pricing for WooCommerce; Type: Plugin; Vulnerable versions: <= 4.1.5; Fixed in: 4.1.6; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2022-40203; Patch priority: Medium; CVSS severity: Medium 6.3; PSID: 061da4b2f208; Credit...
WordPress Ocean Extra Plugin <= 2.1.2 is vulnerable to Cross Site Scripting (XSS)
Software: Ocean Extra; Type: Plugin; Vulnerable versions: <= 2.1.2; Fixed in: 2.1.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-24399; Patch priority: Low; CVSS severity: Low 5.5; PSID: 12709d497a32; Credits: Rafie Muhammad Patchstack...
WordPress Product Reviews Import Export for WooCommerce Plugin <= 1.4.8 is vulnerable to CSV Injection
Software: Product Reviews Import Export for WooCommerce; Type: Plugin; Vulnerable versions: <= 1.4.8; Fixed in: 1.4.9; OWASP Top 10: A1: Injection; Classification: CSV Injection; CVE: CVE-2022-46802; Patch priority: Low; CVSS severity: Low 6.1; PSID: 8bd54902f1b0; Credits: Mika; Required...
WordPress WatchTowerHQ Plugin <= 3.6.16 is vulnerable to Privilege Escalation
Software: WatchTowerHQ; Type: Plugin; Vulnerable versions: <= 3.6.16; Fixed in: 3.6.17; OWASP Top 10: A2: Broken Authentication; Classification: Privilege Escalation; CVE: CVE-2023-25701; Patch priority: High; CVSS severity: High 9.8; PSID: d4d81217130b; Credits: Dave Jong Patchstack; Required...
WordPress ColorWay Theme <= 4.2.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software: ColorWay; Type: Theme; Vulnerable versions: <= 4.2.3; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-25447; Patch priority: Low; CVSS severity: Low 4.3; PSID: 8b4dcf58f1d4; Credits: Dave Jong Patchstack; Required...
WordPress Responsive Pricing Table Plugin <= 5.1.6 is vulnerable to Cross Site Scripting (XSS)
Software: Responsive Pricing Table; Type: Plugin; Vulnerable versions: <= 5.1.6; Fixed in: 5.1.7; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-46855; Patch priority: Low; CVSS severity: Low 6.5; PSID: 8d5fffd282ff; Credits: Muhammad Daffa...
WordPress Magazine Edge Theme <= 1.13 is vulnerable to Broken Authentication
Software: Magazine Edge; Type: Theme; Vulnerable versions: <= 1.13; Fixed in: N/A; OWASP Top 10: A2: Broken Authentication; Classification: Broken Authentication; CVE: CVE-2023-25068; Patch priority: Medium; CVSS severity: Medium 4.3; PSID: 9064016ee308; Credits: Dave Jong Patchstack; Required...
WordPress FV Flowplayer Video Player Plugin <= 7.5.30.7212 is vulnerable to Cross Site Request Forgery (CSRF)
Software: FV Flowplayer Video Player; Type: Plugin; Vulnerable versions: <= 7.5.30.7212; Fixed in: 7.5.31.7212; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-25066; Patch priority: Low; CVSS severity: Low 4.3; PSID: 6e1e63620b79...
Update your LearnPress plugins now!
It's time for a reminder to ensure all of your WordPress plugins are fully up to date, or removed if you don't need them. Bleeping Computer reports that as many as 75,000 WordPress sites may be open to several flaws in a plugin called LearnPress. Worse, the update tally for users of the plugin isn...
WordPress DH – Anti AdBlocker Plugin <= 36 is vulnerable to Cross Site Request Forgery (CSRF)
Software: DH – Anti AdBlocker; Type: Plugin; Vulnerable versions: <= 36; Fixed in: 37; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-47162; Patch priority: Low; CVSS severity: Low 4.3; PSID: 1473176655f8; Credits: rezaduty; Required...
WordPress JS Help Desk – Best Help Desk & Support Plugin Plugin <= 2.7.1 is vulnerable to Arbitrary File Upload
Software: JS Help Desk – Best Help Desk & Support Plugin; Type: Plugin; Vulnerable versions: <= 2.7.1; Fixed in: 2.7.2; OWASP Top 10: A2: Broken Authentication; Classification: Arbitrary File Upload; CVE: CVE-2022-46839; Patch priority: High; CVSS severity: High 10; PSID: 21f585ae6afa; Credi...
WordPress ChatBot Plugin <= 4.2.8 is vulnerable to Cross Site Request Forgery (CSRF)
Software: ChatBot; Type: Plugin; Vulnerable versions: <= 4.2.8; Fixed in: 4.2.9; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-24415; Patch priority: Low; CVSS severity: Low 5.4; PSID: 56586a24f6dd; Credits: Rafshanzani Suhada; Required...
WordPress JS Help Desk – Best Help Desk & Support Plugin Plugin <= 2.7.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: JS Help Desk – Best Help Desk & Support Plugin; Type: Plugin; Vulnerable versions: <= 2.7.1; Fixed in: 2.7.2; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-46842; Patch priority: Low; CVSS severity: Low 5.4; PSID...
WordPress Booking calendar, Appointment Booking System Plugin <= 3.2.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Booking calendar, Appointment Booking System; Type: Plugin; Vulnerable versions: <= 3.2.3; Fixed in: 3.2.4; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-24388; Patch priority: Low; CVSS severity: Low 5.4; PSID: ec594d278c4...
WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) Plugin <= 7.5.14 is vulnerable to Broken Access Control
Software: WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn); Type: Plugin; Vulnerable versions: <= 7.5.14; Fixed in: 7.6.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-24375; Patch priority: Low; CVSS severity: Low 3.5...
WordPress JS Help Desk – Best Help Desk & Support Plugin Plugin <= 2.7.1 is vulnerable to Broken Access Control
Software: JS Help Desk – Best Help Desk & Support Plugin; Type: Plugin; Vulnerable versions: <= 2.7.1; Fixed in: 2.7.2; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2022-46840; Patch priority: Low; CVSS severity: Low 5.4; PSID: 2e809058d839; Credit...
WordPress Page Builder: Live Composer Plugin <= 1.5.22 is vulnerable to Cross Site Scripting (XSS)
Software: Page Builder: Live Composer; Type: Plugin; Vulnerable versions: <= 1.5.22; Fixed in: 1.5.23; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-4669; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 3a851e56815e; Credits: Istv...
WordPress Easy Affiliate Links Plugin < 3.7.1 is vulnerable to Cross Site Scripting (XSS)
Software: Easy Affiliate Links; Type: Plugin; Vulnerable versions: < 3.7.1; Fixed in: 3.7.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0375; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 6cffde070434; Credits: István Márton...
WordPress Parsi Date Plugin < 4.0.2 is vulnerable to Cross Site Scripting (XSS)
Software: Parsi Date; Type: Plugin; Vulnerable versions: < 4.0.2; Fixed in: 4.0.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: N/A; Patch priority: High; CVSS severity: High 7.1; PSID: d0d0311f443b; Credits: WPScan; Required privilege: Unauthenticat...
WordPress Pinpoint Booking System Plugin < 2.9.9.2.9 is vulnerable to SQL Injection
Software: Pinpoint Booking System; Type: Plugin; Vulnerable versions: < 2.9.9.2.9; Fixed in: 2.9.9.2.9; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-0220; Patch priority: High; CVSS severity: High 7.1; PSID: 7276b0492738; Credits: István Márton; Required privilege...