WordPress Floating Awesome Button Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS)

Software Floating Awesome Button Type Plugin Vulnerable versions = 1.6.1 Fixed in 1.7.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID a554276c1f96 Credits Rafie Muhammad Patchstac...

WordPress Go Viral – social share, social sharebar, social locker, social chat, open graph, reactions, share & view counters Plugin <= 1.8.2 is vulnerable to Cross Site Scripting (XSS)

Software Go Viral – social share, social sharebar, social locker, social chat, open graph, reactions, share & view counters Type Plugin Vulnerable versions = 1.8.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severit...

WordPress Video Embed & Thumbnail Generator Plugin < 4.8.11 is vulnerable to Cross Site Scripting (XSS)

Software Video Embed & Thumbnail Generator Type Plugin Vulnerable versions 4.8.11 Fixed in 4.8.11 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 593159c2fc96 Credits Rafie Muhammad...

WordPress Convert Classic Editor to Gutenberg Blocks Plugin <= 1.0.6 is vulnerable to Cross Site Scripting (XSS)

Software Convert Classic Editor to Gutenberg Blocks Type Plugin Vulnerable versions = 1.0.6 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5e43f482848c Credits Rafie...

WordPress Instant Page Load Plugin <= 1.09 is vulnerable to Cross Site Scripting (XSS)

Software Instant Page Load Type Plugin Vulnerable versions = 1.09 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e04533f20844 Credits Rafie Muhammad Patchstack Require...

WordPress Rating Widget Plugin < 3.2.0 is vulnerable to Cross Site Scripting (XSS)

Software Rating Widget Type Plugin Vulnerable versions 3.2.0 Fixed in 3.2.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Rating-Widget PSID fd73e6791148 Credits Rafie Muhammad Patchstack Required...

WordPress GOAuth Plugin <= 2.20 is vulnerable to Cross Site Scripting (XSS)

Software GOAuth Type Plugin Vulnerable versions = 2.20 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1aeda2a1b24f Credits Rafie Muhammad Patchstack Required privilege...

WordPress WP Post Block Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)

Software WP Post Block Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2abff47d3ce8 Credits Rafie Muhammad Patchstack Required...

WordPress HT Mega Plugin <= 2.2.0 is vulnerable to Privilege Escalation

Software HT Mega Type Plugin Vulnerable versions = 2.2.0 Fixed in 2.2.1 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-37999 Patch priority High CVSS severity High 9.8 Developer HTMega PSID bbe5238c947f Credits Rafie Muhammad Patchstac...

WordPress WPFunnels Plugin <= 2.7.16 is vulnerable to Cross Site Scripting (XSS)

Software WPFunnels Type Plugin Vulnerable versions = 2.7.16 Fixed in 2.7.17 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-37977 Patch priority Medium CVSS severity Medium 7.1 Developer WPFunnels Team PSID 5b27642361cb Credits LEE SE HYOUNG hackintoanetwork Requir...

WordPress Coming Soon Chop Chop Plugin <= 2.2.4 is vulnerable to Cross Site Scripting (XSS)

Software Coming Soon Chop Chop Type Plugin Vulnerable versions = 2.2.4 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-37893 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7a25fdf76e34 Credits Phd Required...

WordPress WooCommerce Warranty Requests Plugin <= 2.1.9 is vulnerable to Broken Access Control

Software WooCommerce Warranty Requests Type Plugin Vulnerable versions = 2.1.9 Fixed in 2.2.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-37870 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID a8cf2ee414a2 Credits Rafie Muhamma...

WordPress ARMember Plugin <= 4.0.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software ARMember Type Plugin Vulnerable versions = 4.0.5 Fixed in 4.0.6 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47424 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 7cdd5c04b280 Credits Cat Required privilege...

WordPress Booking Package Plugin <= 1.5.98 is vulnerable to Privilege Escalation

Software Booking Package Type Plugin Vulnerable versions = 1.5.98 Fixed in 1.5.99 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-37389 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 0ff1d9e379c0 Credits Rafie...

WordPress JetFormBuilder Plugin <= 3.0.8 is vulnerable to Privilege Escalation

Software JetFormBuilder Type Plugin Vulnerable versions = 3.0.8 Fixed in 3.0.9 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-37866 Patch priority Medium CVSS severity Medium 7.2 Developer Crocoblock PSID bb75400351be Credits Rafie...

WordPress Premium Addons PRO Plugin <= 2.9.0 is vulnerable to Sensitive Data Exposure

Software Premium Addons PRO Type Plugin Vulnerable versions = 2.9.0 Fixed in 2.9.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-37868 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 61bc62d7d465 Credits Rafie Muhammad...

WordPress Masteriyo - LMS Plugin < 1.6.8 is vulnerable to Sensitive Data Exposure

Software Masteriyo - LMS Type Plugin Vulnerable versions 1.6.8 Fixed in 1.6.8 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE N/A Patch priority Medium CVSS severity Medium 6.5 Developer Masteriyo PSID aef3f4a1c0c4 Credits Unknown Required privilege Subscriber...

WordPress User Registration Plugin <= 3.0.2 is vulnerable to Arbitrary File Upload

Software User Registration Type Plugin Vulnerable versions = 3.0.2 Fixed in 3.0.2.1 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-3342 Patch priority High CVSS severity High 9.9 Developer Masteriyo PSID 9e6954072452 Credits István Márton Required privilege Subscribe...

WordPress WP-Optimize Plugin < 3.2.13 is vulnerable to Cross Site Scripting (XSS)

Software WP-Optimize Type Plugin Vulnerable versions 3.2.13 Fixed in 3.2.13 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1119 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 74a58d2a57e4 Credits Paolo Elia Required...

WordPress Houzez CRM Plugin <= 1.3.4 is vulnerable to SQL Injection

Software Houzez CRM Type Plugin Vulnerable versions = 1.3.4 Fixed in 1.3.5 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-36529 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 5387270a680b Credits Dave Jong Patchstack Required privilege Subscriber...