WordPress JetTricks Plugin <= 1.4.6.1 is vulnerable to Broken Access Control

Software JetTricks Type Plugin Vulnerable versions = 1.4.6.1 Fixed in 1.4.6.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-48761 Patch priority Medium CVSS severity Medium 6.3 Developer Crocoblock PSID 889841daf743 Credits Rafie Muhammad Patchstack...

WordPress JetTabs Plugin <= 2.1.25.1 is vulnerable to Broken Access Control

Software JetTabs Type Plugin Vulnerable versions = 2.1.25.1 Fixed in 2.1.25.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-48760 Patch priority Medium CVSS severity Medium 8.2 Developer Crocoblock PSID e010512426cf Credits Rafie Muhammad Patchstack...

WordPress Widgets for Árukereső Reviews Plugin <= 11.0.2 is vulnerable to Arbitrary File Upload

Software Widgets for Árukereső Reviews Type Plugin Vulnerable versions = 11.0.2 Fixed in 11.1 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2023-48275 Patch priority Medium CVSS severity Medium 8 Developer Claim ownership PSID 0e28953b2be2 Credits Rafie Muhammad Patchsta...

WordPress JetReviews Plugin <= 2.3.2 is vulnerable to Broken Access Control

Software JetReviews Type Plugin Vulnerable versions = 2.3.2 Fixed in 2.3.2.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-48761 Patch priority Medium CVSS severity Medium 6.3 Developer Crocoblock PSID 02df9f71dc32 Credits Rafie Muhammad Patchstack...

WordPress JetWooBuilder Plugin <= 2.1.7.2 is vulnerable to Broken Access Control

Software JetWooBuilder Type Plugin Vulnerable versions = 2.1.7.2 Fixed in 2.1.7.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-48760 Patch priority Medium CVSS severity Medium 8.2 Developer Crocoblock PSID 8b8b6528e3fb Credits Rafie Muhammad Patchstack...

WordPress Widgets for SourceForge Reviews Plugin <= 11.0.2 is vulnerable to Arbitrary File Upload

Software Widgets for SourceForge Reviews Type Plugin Vulnerable versions = 11.0.2 Fixed in 11.1 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2023-48275 Patch priority Medium CVSS severity Medium 8 Developer Claim ownership PSID 54da1ae2f502 Credits Rafie Muhammad...

WordPress JetProductGallery Plugin <= 2.1.13.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software JetProductGallery Type Plugin Vulnerable versions = 2.1.13.1 Fixed in 2.1.13.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-48762 Patch priority Low CVSS severity Low 6.3 Developer Crocoblock PSID 150144abe99d Credits Rafie Muhammad...

WordPress SoundCloud Shortcode Plugin <= 3.1.0 is vulnerable to Cross Site Scripting (XSS)

Software SoundCloud Shortcode Type Plugin Vulnerable versions = 3.1.0 Fixed in 4.0.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-34018 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID bb0d82ac536c Credits yuyudhn Required...

WordPress Campaign Monitor for WordPress Plugin <= 2.8.13 is vulnerable to Cross Site Scripting (XSS)

Software Campaign Monitor for WordPress Type Plugin Vulnerable versions = 2.8.13 Fixed in 2.8.14 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-38474 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 625473050b18 Credits Phd Required...

WordPress Participants Database Plugin <= 2.5.5 is vulnerable to Broken Access Control

Software Participants Database Type Plugin Vulnerable versions = 2.5.5 Fixed in 2.5.6 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-48751 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 4e4f72b6b27f Credits Yudistira Arya...

WordPress Simply Exclude Plugin <= 2.0.6.6 is vulnerable to Cross Site Scripting (XSS)

Software Simply Exclude Type Plugin Vulnerable versions = 2.0.6.6 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-48743 Patch priority Medium CVSS severity Medium 5.8 Developer Claim ownership PSID 391a661fbc93 Credits Le Ngoc Anh Required privilege...

WordPress Booster for WooCommerce Plugin <= 7.1.1 is vulnerable to Sensitive Data Exposure

Software Booster for WooCommerce Type Plugin Vulnerable versions = 7.1.1 Fixed in 7.1.2 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2023-48333 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID b3744065c2d4 Credits Dave Jong...

WordPress League Table Plugin <= 1.13 is vulnerable to Cross Site Request Forgery (CSRF)

Software League Table Type Plugin Vulnerable versions = 1.13 Fixed in 1.14 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-48334 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 11fbeec1c358 Credits Nguyen Xuan Chien Requir...

WordPress Contact Form Email Plugin <= 1.3.41 is vulnerable to Bypass Vulnerability

Software Contact Form Email Type Plugin Vulnerable versions = 1.3.41 Fixed in 1.3.42 OWASP Top 10 A5: Security Misconfiguration Classification Bypass Vulnerability CVE CVE-2023-48318 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID f3190218dd33 Credits qilin99 Required...

WordPress Enfold Theme <= 5.6.4 is vulnerable to Cross Site Scripting (XSS)

Software Enfold Type Theme Vulnerable versions = 5.6.4 Fixed in 5.6.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-38400 Patch priority Medium CVSS severity Medium 7.1 Developer Kriesi PSID 33a791c850de Credits Rafie Muhammad Patchstack Required privilege...

WordPress Quttera Web Malware Scanner Plugin <= 3.4.1.48 is vulnerable to Sensitive Data Exposure

Software Quttera Web Malware Scanner Type Plugin Vulnerable versions = 3.4.1.48 Fixed in 3.4.2.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-6065 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 6c25e4bb0dc6 Credits Dmitrii...

WordPress Perfmatters Plugin < 2.2.0 is vulnerable to Cross Site Scripting (XSS)

Software Perfmatters Type Plugin Vulnerable versions 2.2.0 Fixed in 2.2.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-47877 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 95a1cb6cdea5 Credits Dave Jong Patchstack Required privileg...

WordPress Perfmatters Plugin <= 2.1.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software Perfmatters Type Plugin Vulnerable versions = 2.1.6 Fixed in 2.1.7 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-47875 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 02a9c657f03b Credits Dave Jong Patchstack...

WordPress Audio Merchant Plugin <= 5.0.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Audio Merchant Type Plugin Vulnerable versions = 5.0.4 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-6196 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 8d1ec07de68f Credits Ala Arfaoui Required...

WordPress Grab & Save Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)

Software Grab & Save Type Plugin Vulnerable versions = 1.0.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-47844 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 52717b94fa86 Credits Dimas Maulana Required privilege...