3797 matches found
WordPress Paid Memberships Pro Plugin <= 1.2.3 is vulnerable to Broken Access Control
Software: Paid Memberships Pro; Type: Plugin; Vulnerable versions: <= 1.2.3; Fixed in: 1.2.4; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-39990; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: bcc25db021d7; Credits: Rafie Muhammad Patchstac...
WordPress Profile Builder Plugin < 3.9.8 is vulnerable to Broken Access Control
Software: Profile Builder; Type: Plugin; Vulnerable versions: < 3.9.8; Fixed in: 3.9.8; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: N/A; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: d26167c89534; Credits: WordFence; Required privilege: Unauthenticat...
WordPress Sign-up Sheets Plugin <= 2.2.8 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Sign-up Sheets; Type: Plugin; Vulnerable versions: <= 2.2.8; Fixed in: 2.2.9; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-39165; Patch priority: Low; CVSS severity: Low 5.4; Developer: Fetch Designs; PSID: 3cb2a78e83f5; Credits: Nguyen Xuan Chien...
WordPress WP Ultimate CSV Importer Plugin <= 7.9.8 is vulnerable to Privilege Escalation
Software: WP Ultimate CSV Importer; Type: Plugin; Vulnerable versions: <= 7.9.8; Fixed in: 7.9.9; OWASP Top 10: A1: Broken Access Control; Classification: Privilege Escalation; CVE: CVE-2023-4140; Patch priority: Medium; CVSS severity: Medium 6.6; Developer: Claim ownership; PSID: 2cf9cad320b2; Credits: István Márton...
Exploit for Cross-site Scripting in Ninjaforms Ninja_Forms
CVE-2023-37979 Exploit...
Multiple Flaws Found in Ninja Forms Plugin Leave 800,000 Sites Vulnerable
Multiple security vulnerabilities have been disclosed in the Ninja Forms plugin for WordPress that could be exploited by threat actors to escalate privileges and steal sensitive data. The flaws, tracked as CVE-2023-37979, CVE-2023-38386, and CVE-2023-38393, impact versions 3.6.25 and below,...
WordPress CartFlows Pro Plugin <= 1.11.12 is vulnerable to Cross Site Request Forgery (CSRF)
Software: CartFlows Pro; Type: Plugin; Vulnerable versions: <= 1.11.12; Fixed in: 1.11.13; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-36685; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 55367cef894b; Credits: Rafie Muhammad...
WordPress Discussion Board Plugin <= 2.4.8 is vulnerable to Content Injection
Software: Discussion Board; Type: Plugin; Vulnerable versions: <= 2.4.8; Fixed in: 2.4.9; OWASP Top 10: A5: Broken Access Control; Classification: Content Injection; CVE: CVE-2023-39161; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: e808296acb35; Credits: Abdi Pranata; Required privilege...
WordPress WordPress Job Board and Recruitment Plugin – JobWP Plugin < 2.0 is vulnerable to Cross Site Scripting (XSS)
Software: WordPress Job Board and Recruitment Plugin – JobWP; Type: Plugin; Vulnerable versions: < 2.0; Fixed in: 2.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 780dd7fc5706; Credits: Raf...
WordPress AGP Font Awesome Collection Plugin <= 3.2.4 is vulnerable to Cross Site Scripting (XSS)
Software: AGP Font Awesome Collection; Type: Plugin; Vulnerable versions: <= 3.2.4; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-30481; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: ba2b59776bbc; Credits: Skalucy...
WordPress wp tell a friend popup form Plugin <= 7.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: wp tell a friend popup form; Type: Plugin; Vulnerable versions: <= 7.1; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-25463; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: 0d96ae4f5c91; Credits: yuyudhn...
WordPress Convert Pro Plugin <= 1.7.5 is vulnerable to Broken Access Control
Software: Convert Pro; Type: Plugin; Vulnerable versions: <= 1.7.5; Fixed in: 1.7.6; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-36684; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: a39b0cc59883; Credits: Rafie Muhammad Patchstack...
WordPress Subscribe to Category Plugin <= 2.7.4 is vulnerable to SQL Injection
Software: Subscribe to Category; Type: Plugin; Vulnerable versions: <= 2.7.4; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-32590; Patch priority: High; CVSS severity: High 9.3; Developer: Claim ownership; PSID: 2968f51bb060; Credits: Mika; Required privilege: Unauthenticated...
WordPress Gutentor Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)
Software: Gutentor; Type: Plugin; Vulnerable versions: <= 1.0.2; Fixed in: 1.0.3; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: High; CVSS severity: High 7.1; Developer: Claim ownership; PSID: b0388e3a27c7; Credits: Rafie Muhammad Patchstack; Required privileg...
WordPress Image Carousel For Divi Plugin <= 1.6.0 is vulnerable to Cross Site Scripting (XSS)
Software: Image Carousel For Divi; Type: Plugin; Vulnerable versions: <= 1.6.0; Fixed in: 1.6.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: High; CVSS severity: High 7.1; Developer: Claim ownership; PSID: 3f302e5b9b05; Credits: Rafie Muhammad Patchstack...
WordPress Menu Item Scheduler Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)
Software: Menu Item Scheduler; Type: Plugin; Vulnerable versions: <= 1.0.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: High; CVSS severity: High 7.1; Developer: Claim ownership; PSID: 85b80b505402; Credits: Rafie Muhammad Patchstack; Required...
WordPress WPGutenBlog Demo Import Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)
Software: WPGutenBlog Demo Import; Type: Plugin; Vulnerable versions: <= 1.0.2; Fixed in: 1.0.3; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: High; CVSS severity: High 7.1; Developer: Claim ownership; PSID: e838d8b2eb5f; Credits: Rafie Muhammad Patchstack...
WordPress Display Data on your site! Create Dynamic Content Templates from any form of data. Works with ACF, Pods, BuddyPress/ BuddyBoss Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)
Software: Display Data on your site! Create Dynamic Content Templates from any form of data. Works with ACF, Pods, BuddyPress/ BuddyBoss; Type: Plugin; Vulnerable versions: <= 1.3.1; Fixed in: 1.3.2; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: High...
WordPress SV Posts Plugin <= 1.9.00 is vulnerable to Cross Site Scripting (XSS)
Software: SV Posts; Type: Plugin; Vulnerable versions: <= 1.9.00; Fixed in: 2.0.00; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: High; CVSS severity: High 7.1; Developer: Claim ownership; PSID: f4cc0b514da7; Credits: Rafie Muhammad Patchstack; Required...
WordPress Bulk Landing Page Creator for WordPress LPagery Plugin <= 1.2.5 is vulnerable to Cross Site Scripting (XSS)
Software: Bulk Landing Page Creator for WordPress LPagery; Type: Plugin; Vulnerable versions: <= 1.2.5; Fixed in: 1.2.6; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: High; CVSS severity: High 7.1; Developer: Claim ownership; PSID: 60b86f842956; Credits: Rafi...