3797 matches found
WordPress Online Booking & Scheduling Calendar for WordPress by vcita Plugin <= 4.4.2 is vulnerable to Broken Access Control
Software: Online Booking & Scheduling Calendar for WordPress by vcita; Type: Plugin; Vulnerable versions: <= 4.4.2; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-2299; Patch priority: Medium; CVSS severity: Medium 5.3; PSID...
WordPress Premium Addons PRO Plugin <= 2.8.24 is vulnerable to Cross Site Scripting (XSS)
Software: Premium Addons PRO; Type: Plugin; Vulnerable versions: <= 2.8.24; Fixed in: 2.8.25; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-34012; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 3e100a687a90; Credits: Rafie Muhamm...
WordPress Front End Users Plugin <= 3.2.24 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Front End Users; Type: Plugin; Vulnerable versions: <= 3.2.24; Fixed in: 3.2.25; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-34005; Patch priority: Low; CVSS severity: Low 6.5; PSID: 9bd5b3b01292; Credits: thiennv; Required...
WordPress Advanced Flat rate shipping Woocommerce Plugin <= 1.6.4.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Advanced Flat rate shipping Woocommerce; Type: Plugin; Vulnerable versions: <= 1.6.4.4; Fixed in: 1.6.4.6; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-34015; Patch priority: Low; CVSS severity: Low 5.4; PSID: 47ba6a8a749f...
WordPress Formidable Forms Plugin < 6.3.1 is vulnerable to Broken Access Control
Software: Formidable Forms; Type: Plugin; Vulnerable versions: < 6.3.1; Fixed in: 6.3.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: N/A; Patch priority: Medium; CVSS severity: Medium 5.4; PSID: bb421c7db580; Credits: WordFence; Required privilege...
WordPress Custom Twitter Feeds (Tweets Widget) Plugin < 2.0 CSRF Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:smashballoon:customtwitterfeeds"; if description...
WordPress Tutor LMS Plugin <= 2.1.10 is vulnerable to SQL Injection
Software: Tutor LMS; Type: Plugin; Vulnerable versions: <= 2.1.10; Fixed in: 2.2.0; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-25990; Patch priority: Low; CVSS severity: Low 7.1; PSID: f1abc8ca80b8; Credits: Rafie Muhammad (Patchstack); Required privilege: Tutor...
WordPress Tutor LMS Plugin <= 2.2.0 is vulnerable to SQL Injection
Software: Tutor LMS; Type: Plugin; Vulnerable versions: <= 2.2.0; Fixed in: 2.2.1; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-25800; Patch priority: High; CVSS severity: High 8.1; PSID: 098051db4335; Credits: Rafie Muhammad (Patchstack); Required privilege: Student...
WordPress LWS Hide Login Plugin <= 2.1.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software: LWS Hide Login; Type: Plugin; Vulnerable versions: <= 2.1.6; Fixed in: 2.1.7; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-34025; Patch priority: Low; CVSS severity: Low 5.4; PSID: 568d5d97d18d; Credits: konagash; Required...
WordPress WP Report Post Plugin <= 2.1.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP Report Post; Type: Plugin; Vulnerable versions: <= 2.1.2; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-34171; Patch priority: Low; CVSS severity: Low 5.4; PSID: b0cdb56a7f60; Credits: Mika; Required privileg...
WordPress WP Report Post Plugin <= 2.1.2 is vulnerable to SQL Injection
Software: WP Report Post; Type: Plugin; Vulnerable versions: <= 2.1.2; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-34168; Patch priority: Low; CVSS severity: Low 7.6; PSID: 8b1f55478a8c; Credits: Mika; Required privilege: Editor; Published: 30 May, 202...
WordPress WordPress Social Login Plugin <= 3.0.4 is vulnerable to Cross Site Scripting (XSS)
Software: WordPress Social Login; Type: Plugin; Vulnerable versions: <= 3.0.4; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-34172; Patch priority: Low; CVSS severity: Low 5.9; PSID: e55743dd677b; Credits: yuyudhn; Required...
WordPress Recently Viewed Products Plugin <= 1.0.0 is vulnerable to PHP Object Injection
Software: Recently Viewed Products; Type: Plugin; Vulnerable versions: <= 1.0.0; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2023-34027; Patch priority: High; CVSS severity: High 8.3; PSID: 9c6c9d223c96; Credits: Mika; Required privilege...
WordPress HashOne Theme <= 1.3.0 is vulnerable to Broken Access Control
Software: HashOne; Type: Theme; Vulnerable versions: <= 1.3.0; Fixed in: 1.3.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-33923; Patch priority: Low; CVSS severity: Low 4.3; PSID: db48b6df310a; Credits: Dave Jong (Patchstack); Required privileg...
WordPress Viral Theme <= 1.8.0 is vulnerable to Broken Access Control
Software: Viral; Type: Theme; Vulnerable versions: <= 1.8.0; Fixed in: 1.8.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-33923; Patch priority: Low; CVSS severity: Low 4.3; PSID: aa99c7c8ddb8; Credits: Dave Jong (Patchstack); Required privilege...
WordPress WooCommerce Product Vendors Plugin <= 2.1.76 is vulnerable to Cross Site Scripting (XSS)
Software: WooCommerce Product Vendors; Type: Plugin; Vulnerable versions: <= 2.1.76; Fixed in: 2.1.77; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33332; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 14e3563e81ba; Credits: Raf...
WordPress OAuth Single Sign On – SSO (OAuth Client) Plugin <= 6.23.3 is vulnerable to Broken Authentication
Software: OAuth Single Sign On – SSO (OAuth Client); Type: Plugin; Vulnerable versions: <= 6.23.3; Fixed in: 6.23.4; OWASP Top 10: A2: Broken Authentication; Classification: Broken Authentication; CVE: CVE-2022-34155; Patch priority: High; CVSS severity: High 8.8; PSID: 74c6748a10df; Credits...
WordPress Rank Math SEO PRO Plugin <= 3.0.35 is vulnerable to Cross Site Scripting (XSS)
Software: Rank Math SEO PRO; Type: Plugin; Vulnerable versions: <= 3.0.35; Fixed in: 3.0.36; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-32800; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 436b3db030cf; Credits: Rafie Muhamma...
WordPress Contact Form Entries Plugin <= 1.3.0 is vulnerable to SQL Injection
Software: Contact Form Entries; Type: Plugin; Vulnerable versions: <= 1.3.0; Fixed in: 1.3.1; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-31212; Patch priority: Low; CVSS severity: Low 8.5; PSID: e8d727f37fdc; Credits: Rafie Muhammad (Patchstack); Required privilege...
WordPress Contact Form Entries Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)
Software: Contact Form Entries; Type: Plugin; Vulnerable versions: <= 1.3.0; Fixed in: 1.3.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33311; Patch priority: Low; CVSS severity: Low 6.5; PSID: eead2c1f0998; Credits: Rafie Muhammad...