WordPress Duplicate Theme Plugin <= 0.1.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software Duplicate Theme Type Plugin Vulnerable versions = 0.1.6 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-46204 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 984be09156c0 Credits Elliot Required...

WordPress Archivist – Custom Archive Templates Plugin <= 1.7.7 is vulnerable to Cross Site Scripting (XSS)

Software Archivist – Custom Archive Templates Type Plugin Vulnerable versions = 1.7.7 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-46194 Patch priority Medium CVSS severity Medium 5.8 Developer Claim ownership PSID 9eaf34517c88 Credit...

WordPress Templately Plugin < 2.2.6 is vulnerable to Broken Access Control

Software Templately Type Plugin Vulnerable versions 2.2.6 Fixed in 2.2.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-5454 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID d43e1c889b21 Credits Krzysztof Zając CERT PL Require...

WordPress Spider Facebook Plugin <= 1.0.15 is vulnerable to Cross Site Scripting (XSS)

Software Spider Facebook Type Plugin Vulnerable versions = 1.0.15 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-46090 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 44993b9d3d08 Credits LEE SE HYOUNG...

WordPress Icons Font Loader Plugin <= 1.1.2 is vulnerable to SQL Injection

Software Icons Font Loader Type Plugin Vulnerable versions = 1.1.2 Fixed in 1.1.2.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-46084 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 98ab41839260 Credits minhtuanact Required privilege Subscriber...

WordPress Ajax Archive Calendar Plugin <= 2.6.7 is vulnerable to Cross Site Scripting (XSS)

Software Ajax Archive Calendar Type Plugin Vulnerable versions = 2.6.7 Fixed in 2.6.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-46069 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 2c6a1e009987 Credits Ngô Thiên An ancorn from...

WordPress Broken Link Checker | Finder Plugin <= 2.4.2 is vulnerable to Broken Access Control

Software Broken Link Checker | Finder Type Plugin Vulnerable versions = 2.4.2 Fixed in 2.5.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-46082 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID cfffdd260ad0 Credits Abdi Prana...

WordPress Gutenberg Plugin <= 16.8.0 is vulnerable to Cross Site Scripting (XSS)

Software Gutenberg Type Plugin Vulnerable versions = 16.8.0 Fixed in 16.8.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-38000 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID fc1d5fbe52a2 Credits Rafie Muhammad Patchstack Required...

WordPress Ultimate Taxonomy Manager Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Ultimate Taxonomy Manager Type Plugin Vulnerable versions = 2.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-45836 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 646016b8aa59 Credits thiennv...

WordPress Simple Tweet Plugin <= 1.4.0.2 is vulnerable to Cross Site Scripting (XSS)

Software Simple Tweet Type Plugin Vulnerable versions = 1.4.0.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-45767 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 3b30792fe2d1 Credits Rio Darmawan Required...

WordPress Sort SearchResult By Title Plugin <= 10.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Sort SearchResult By Title Type Plugin Vulnerable versions = 10.0 Fixed in 11.0 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-45639 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3afb47c8e79f Credits Skalucy...

WordPress WP Lightbox 2 Plugin <= 3.0.6.5 is vulnerable to Cross Site Scripting (XSS)

Software WP Lightbox 2 Type Plugin Vulnerable versions = 3.0.6.5 Fixed in 3.0.6.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-45747 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID ca09e79d583e Credits Rio Darmawan Required...

WordPress Nexter Extension Plugin <= 2.0.3 is vulnerable to Remote Code Execution (RCE)

Software Nexter Extension Type Plugin Vulnerable versions = 2.0.3 Fixed in 2.0.4 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-45751 Patch priority Medium CVSS severity Medium 9.1 Developer POSIMYTH Innovations PSID 69a3443fb3d9 Credits Rafie Muhammad Patchstack...

WordPress ApplyOnline – Application Form Builder and Manager Plugin <= 2.5.5 is vulnerable to Cross Site Scripting (XSS)

Software ApplyOnline – Application Form Builder and Manager Type Plugin Vulnerable versions = 2.5.5 Fixed in 2.5.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-45756 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID...

WordPress Post Gallery Plugin <= 2.3.12 is vulnerable to Cross Site Request Forgery (CSRF)

Software Post Gallery Type Plugin Vulnerable versions = 2.3.12 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-45752 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e7bbac19db20 Credits Mika Required privilege...

WordPress Video Player Plugin <= 1.5.22 is vulnerable to Cross Site Scripting (XSS)

Software Video Player Type Plugin Vulnerable versions = 1.5.22 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-45632 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e6d8799fdd9f Credits Elliot Required...

WordPress Responsive Image Gallery, Gallery Album Plugin <= 2.0.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software Responsive Image Gallery, Gallery Album Type Plugin Vulnerable versions = 2.0.3 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-45629 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID c264401c72ac Credi...

WordPress Responsive Image Gallery, Gallery Album Plugin <= 2.0.3 is vulnerable to Broken Access Control

Software Responsive Image Gallery, Gallery Album Type Plugin Vulnerable versions = 2.0.3 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-45631 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 7e6e693f7601 Credits thiennv...

WordPress Appointment Hour Booking Plugin <= 1.4.23 is vulnerable to Broken Access Control

Software Appointment Hour Booking Type Plugin Vulnerable versions = 1.4.23 Fixed in 1.4.24 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-45649 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID ded4fde40f34 Credits konagash Required...

WordPress Ebook Store Plugin <= 5.8002 is vulnerable to Cross Site Scripting (XSS)

Software Ebook Store Type Plugin Vulnerable versions = 5.8002 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-45602 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 98c678ae3282 Credits Le Ngoc Anh Required...