WordPress Booster Elite for WooCommerce Plugin < 7.1.2 is vulnerable to Sensitive Data Exposure

Software Booster Elite for WooCommerce Type Plugin Vulnerable versions 7.1.2 Fixed in 7.1.2 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2023-52234 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 1cbd56a2d0a1 Credits Dave Jong...

WordPress WooCommerce Tranzila Gateway Plugin <= 1.0.8 is vulnerable to PHP Object Injection

Software WooCommerce Tranzila Gateway Type Plugin Vulnerable versions = 1.0.8 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2023-52218 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 69111059637e Credits Rafie Muhammad Patchstack...

WordPress Taggbox Plugin <= 3.1 is vulnerable to PHP Object Injection

Software Taggbox Type Plugin Vulnerable versions = 3.1 Fixed in 3.2 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2023-52225 Patch priority High CVSS severity High 10 Developer Claim ownership PSID cec0f62daeea Credits Rafie Muhammad Patchstack Required privilege...

WordPress Gecka Terms Thumbnails Plugin <= 1.1 is vulnerable to PHP Object Injection

Software Gecka Terms Thumbnails Type Plugin Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2023-52219 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 8f080ffeedc5 Credits Rafie Muhammad Patchstack Required...

WordPress Booster Plus for WooCommerce Plugin < 7.1.2 is vulnerable to Sensitive Data Exposure

Software Booster Plus for WooCommerce Type Plugin Vulnerable versions 7.1.2 Fixed in 7.1.2 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2023-52231 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 68cd268b2b71 Credits Dave Jong...

WordPress WooCommerce Plugin <= 8.2.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software WooCommerce Type Plugin Vulnerable versions = 8.2.2 Fixed in 8.3.0 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-52222 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 176f4af4b60c Credits Rafie Muhammad Patchsta...

WordPress HTML5 MP3 Player with Folder Feedburner Plugin <= 2.8.0 is vulnerable to PHP Object Injection

Software HTML5 MP3 Player with Folder Feedburner Type Plugin Vulnerable versions = 2.8.0 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2023-52202 Patch priority High CVSS severity High 9.1 Developer Claim ownership PSID 379c769eaf42 Credits Rafie Muhammad...

WordPress Rate Star Review Plugin <= 1.5.1 is vulnerable to Cross Site Scripting (XSS)

Software Rate Star Review Type Plugin Vulnerable versions = 1.5.1 Fixed in 1.5.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-52213 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 73dc6c7e7398 Credits Kang SeoHee Required privilege...

WordPress WP 2FA Plugin <= 2.5.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP 2FA Type Plugin Vulnerable versions = 2.5.0 Fixed in 2.6.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-6520 Patch priority Low CVSS severity Low 4.3 Developer Melapress PSID 95117a5d7a1e Credits Ulyses Saicha Required privilege...

WordPress ARMember Plugin <= 4.0.22 is vulnerable to Cross Site Request Forgery (CSRF)

Software ARMember Type Plugin Vulnerable versions = 4.0.22 Fixed in 4.0.23 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-52200 Patch priority Low CVSS severity Low 9.6 Developer Claim ownership PSID 7905097651fa Credits Rafie Muhammad Patchstac...

WordPress ARI Stream Quiz Plugin <= 1.3.0 is vulnerable to PHP Object Injection

Software ARI Stream Quiz Type Plugin Vulnerable versions = 1.3.0 Fixed in 1.3.1 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2023-52182 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID c9a4f35de1f1 Credits Rafie Muhammad Patchstack Required...

WordPress GEO my WordPress Plugin <= 4.0.2 is vulnerable to SQL Injection

Software GEO my WordPress Type Plugin Vulnerable versions = 4.0.2 Fixed in 4.0.3 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-52134 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID fc0434c42d54 Credits Muhammad Daffa Required privilege Administrator...

WordPress YITH WooCommerce Product Add-Ons Plugin <= 4.3.0 is vulnerable to PHP Object Injection

Software YITH WooCommerce Product Add-Ons Type Plugin Vulnerable versions = 4.3.0 Fixed in 4.3.1 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2023-49777 Patch priority Medium CVSS severity Medium 9.1 Developer YITH PSID e13ee0c34e43 Credits Rafie Muhammad Patchstack...

WordPress White Label Plugin <= 2.9.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software White Label Type Plugin Vulnerable versions = 2.9.0 Fixed in 2.9.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-52128 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 46d772e6a849 Credits Brandon Roldan Required...

WordPress WP Mail Log Plugin <= 1.1.2 is vulnerable to Arbitrary File Upload

Software WP Mail Log Type Plugin Vulnerable versions = 1.1.2 Fixed in 1.1.3 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2023-51410 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID 12226d2698ab Credits Rafie Muhammad Patchstack Required...

WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Plugin <= 4.2.1 is vulnerable to Privilege Escalation

Software WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Type Plugin Vulnerable versions = 4.2.1 Fixed in 4.3.0 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-51546 Patch priority Medium CVSS severity Medium...

WordPress Database Cleaner Plugin <= 0.9.8 is vulnerable to Sensitive Data Exposure

Software Database Cleaner Type Plugin Vulnerable versions = 0.9.8 Fixed in 0.9.9 OWASP Top 10 A9: Security Logging and Monitoring Failures Classification Sensitive Data Exposure CVE CVE-2023-51508 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID c44776f4b131 Credits Joshua...

WordPress Crowdsignal Dashboard – Polls, Surveys & more Plugin <= 3.0.11 is vulnerable to Cross Site Request Forgery (CSRF)

Software Crowdsignal Dashboard – Polls, Surveys & more Type Plugin Vulnerable versions = 3.0.11 Fixed in 3.1.0 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-51489 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID...

WordPress Doofinder for WooCommerce Plugin <= 2.0.33 is vulnerable to Broken Access Control

Software Doofinder for WooCommerce Type Plugin Vulnerable versions = 2.0.33 Fixed in 2.1.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-51678 Patch priority Low CVSS severity Low 4.3 Developer Doofinder PSID 9effdff53885 Credits Abdi Pranata Required...

WordPress WP Optin Wheel Plugin <= 1.4.3 is vulnerable to Sensitive Data Exposure

Software WP Optin Wheel Type Plugin Vulnerable versions = 1.4.3 Fixed in 1.4.4 OWASP Top 10 A9: Security Logging and Monitoring Failures Classification Sensitive Data Exposure CVE CVE-2023-51408 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID b2bf994f5179 Credits Joshua Ch...