WordPress LearnDash LMS Plugin <= 4.5.3 is vulnerable to SQL Injection
Software: LearnDash LMS; Type: Plugin; Vulnerable versions: <= 4.5.3; Fixed in: 4.5.3.1; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-28777; Patch priority: Low; CVSS severity: Low 8.5; Developer: Claim ownership; PSID: badba795df6c; Credits: Rafie Muhammad Patchstack; Required privilege...
WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Plugin <= 1.5.60 is vulnerable to Other Vulnerability Type
Software: Unlimited Elements For Elementor (Free Widgets, Addons, Templates); Type: Plugin; Vulnerable versions: <= 1.5.60; Fixed in: 1.5.61; OWASP Top 10: A6: Security Misconfiguration; Classification: Other Vulnerability Type; CVE: CVE-2023-31090; Patch priority: Low; CVSS severity: Low 9.9; Developer: Unlimited...
WordPress WIP Custom Login Plugin <= 1.2.9 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WIP Custom Login; Type: Plugin; Vulnerable versions: <= 1.2.9; Fixed in: 1.3.0; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-33313; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 0446832940c9; Credits: LEE SE HYOUNG...
WordPress Medical Heed Theme <= 1.1.4 is vulnerable to Broken Access Control
Software: Medical Heed; Type: Theme; Vulnerable versions: <= 1.1.4; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-32959; Patch priority: Medium; CVSS severity: Medium 4.3; Developer: Claim ownership; PSID: 09338a3a94d6; Credits: Dave Jong Patchstack; Required...
WordPress BuzzStore Theme <= 1.3.7 is vulnerable to Broken Access Control
Software: BuzzStore; Type: Theme; Vulnerable versions: <= 1.3.7; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-32959; Patch priority: Medium; CVSS severity: Medium 4.3; Developer: Claim ownership; PSID: 417a412e86ab; Credits: Dave Jong Patchstack; Required...
WordPress Easing Slider Plugin <= 3.0.8 is vulnerable to Broken Access Control
Software: Easing Slider; Type: Plugin; Vulnerable versions: <= 3.0.8; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-30490; Patch priority: High; CVSS severity: High 7.5; Developer: Claim ownership; PSID: 639251557771; Credits: Dave Jong Patchstack; Required...
WordPress Appzend Theme <= 1.2.1 is vulnerable to Broken Access Control
Software: Appzend; Type: Theme; Vulnerable versions: <= 1.2.1; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-32959; Patch priority: Medium; CVSS severity: Medium 4.3; Developer: Claim ownership; PSID: 0ac1128362ed; Credits: Dave Jong Patchstack; Required...
WordPress Kingcabs Theme <= 1.1.6 is vulnerable to Broken Access Control
Software: Kingcabs; Type: Theme; Vulnerable versions: <= 1.1.6; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-32959; Patch priority: Medium; CVSS severity: Medium 4.3; Developer: Claim ownership; PSID: 2d230f2e2cbf; Credits: Dave Jong Patchstack; Required...
WordPress SparkleStore Theme <= 1.6.0 is vulnerable to Broken Access Control
Software: SparkleStore; Type: Theme; Vulnerable versions: <= 1.6.0; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-32959; Patch priority: Medium; CVSS severity: Medium 4.3; Developer: Claim ownership; PSID: eac4d697c839; Credits: Dave Jong Patchstack; Required...
WordPress Online eStore Theme <= 1.0.9 is vulnerable to Broken Access Control
Software: Online eStore; Type: Theme; Vulnerable versions: <= 1.0.9; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-32959; Patch priority: Medium; CVSS severity: Medium 4.3; Developer: Claim ownership; PSID: 729988cdbce6; Credits: Dave Jong Patchstack; Require...
WordPress SpiderMag Theme <= 1.1.7 is vulnerable to Broken Access Control
Software: SpiderMag; Type: Theme; Vulnerable versions: <= 1.1.7; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-32959; Patch priority: Medium; CVSS severity: Medium 4.3; Developer: Claim ownership; PSID: ebe1f256ec21; Credits: Dave Jong Patchstack; Required...
WordPress WooCommerce Product Add-ons Plugin <= 6.1.3 is vulnerable to PHP Object Injection
Software: WooCommerce Product Add-ons; Type: Plugin; Vulnerable versions: <= 6.1.3; Fixed in: 6.2.0; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2023-32795; Patch priority: Medium; CVSS severity: Medium 8.2; Developer: Claim ownership; PSID: 8de26d9f8493; Credits: Rafie Muhammad Patchstac...
WordPress WooCommerce Pre-Orders Plugin <= 1.9.0 is vulnerable to Cross Site Scripting (XSS)
Software: WooCommerce Pre-Orders; Type: Plugin; Vulnerable versions: <= 1.9.0; Fixed in: 2.0.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-32802; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 410dcc0b8c9c; Credits: Rafie...
WordPress AutomateWoo Plugin <= 5.7.1 is vulnerable to SQL Injection
Software: AutomateWoo; Type: Plugin; Vulnerable versions: <= 5.7.1; Fixed in: 5.7.2; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-32743; Patch priority: Low; CVSS severity: Low 7.6; Developer: Claim ownership; PSID: 6c3f55d579a4; Credits: Rafie Muhammad Patchstack; Required privilege: Shop...
New Flaw in WordPress Plugin Used by Over a Million Sites Under Active Exploitation
A security vulnerability has been disclosed in the popular WordPress plugin Essential Addons for Elementor that could be potentially exploited to achieve elevated privileges on affected sites. The issue, tracked as CVE-2023-32243, has been addressed by the plugin maintainers in version 5.7.2 that...
WordPress Easy Hide Login Plugin <= 1.0.8 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Easy Hide Login; Type: Plugin; Vulnerable versions: <= 1.0.8; Fixed in: 1.0.9; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-31075; Patch priority: Low; CVSS severity: Low 5.4; Developer: WebFactory Ltd.; PSID: bee255c46b58; Credits: konagash; Required...
WordPress Woodmart Core Plugin <= 1.0.36 is vulnerable to PHP Object Injection
Software: Woodmart Core; Type: Plugin; Vulnerable versions: <= 1.0.36; Fixed in: 1.0.37; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2023-32242; Patch priority: High; CVSS severity: High 9.8; Developer: Xtemos; PSID: 779c53b2f97f; Credits: Dave Jong Patchstack; Required privilege...
WordPress Woodmart Core Plugin <= 1.0.36 is vulnerable to Privilege Escalation
Software: Woodmart Core; Type: Plugin; Vulnerable versions: <= 1.0.36; Fixed in: 1.0.37; OWASP Top 10: A2: Broken Authentication; Classification: Privilege Escalation; CVE: CVE-2023-32244; Patch priority: High; CVSS severity: High 9.8; Developer: Xtemos; PSID: a0b94835d329; Credits: Dave Jong Patchstack; Required privile...
WordPress Flatsome Theme <= 3.16.8 is vulnerable to Cross Site Scripting (XSS)
Software: Flatsome; Type: Theme; Vulnerable versions: <= 3.16.8; Fixed in: 3.17.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-28994; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: c500cd25ae6b; Credits: Rafie Muhammad Patchsta...
WordPress Order Your Posts Manually Plugin <= 2.2.5 is vulnerable to Cross Site Scripting (XSS)
Software: Order Your Posts Manually; Type: Plugin; Vulnerable versions: <= 2.2.5; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-32509; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: e62fb3aadea4; Credits: minhtuana...