WordPress GiveWP Plugin <= 2.25.1 is vulnerable to Server Side Request Forgery (SSRF)
Software: GiveWP; Type: Plugin; Vulnerable versions: <= 2.25.1; Fixed in: 2.25.2; OWASP Top 10: A5: Broken Access Control; Classification: Server Side Request Forgery (SSRF); CVE: CVE-2022-40312; Patch priority: Low; CVSS severity: Low 5.5; Developer: Liquid Web / StellarWP; PSID: bdfc49563a46; Credits: Rafie Muhammad...
WordPress GiveWP Plugin <= 2.25.1 is vulnerable to Cross Site Scripting (XSS)
Software: GiveWP; Type: Plugin; Vulnerable versions: <= 2.25.1; Fixed in: 2.25.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-23668; Patch priority: Low; CVSS severity: Low 6.5; Developer: Liquid Web / StellarWP; PSID: 17d2bd271dd1; Credits: Rafshanzani Suhada...
WordPress Clone Plugin <= 2.3.7 is vulnerable to Broken Access Control
Software: Clone; Type: Plugin; Vulnerable versions: <= 2.3.7; Fixed in: 2.3.8; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-25486; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 289ad9c968ce; Credits: Mika; Required privilege: Subscriber...
WordPress Big Store Theme <= 1.9.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Big Store; Type: Theme; Vulnerable versions: <= 1.9.3; Fixed in: 1.9.4; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-27431; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 7ff26778242f; Credits: Dave Jong Patchstack...
WordPress AMP Toolbox Plugin <= 2.1.1 is vulnerable to Server Side Request Forgery (SSRF)
Software: AMP Toolbox; Type: Plugin; Vulnerable versions: <= 2.1.1; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: Server Side Request Forgery (SSRF); CVE: CVE-2022-40700; Patch priority: Low; CVSS severity: Low 8.2; Developer: Claim ownership; PSID: 63986eb9d832; Credits: Dave Jong Patchstack; Required...
WordPress Confirm Data Plugin <= 1.0.7 is vulnerable to Server Side Request Forgery (SSRF)
Software: Confirm Data; Type: Plugin; Vulnerable versions: <= 1.0.7; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: Server Side Request Forgery (SSRF); CVE: CVE-2022-40700; Patch priority: Low; CVSS severity: Low 8.2; Developer: Claim ownership; PSID: 486c54ed7457; Credits: Dave Jong Patchstack; Required...
WordPress Classic Editor and Classic Widgets Plugin <= 1.2.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Classic Editor and Classic Widgets; Type: Plugin; Vulnerable versions: <= 1.2.5; Fixed in: 1.2.6; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-27434; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: c89f9ac26cdb; Credits...
WordPress Total Theme <= 2.1.19 is vulnerable to Broken Authentication
Software: Total; Type: Theme; Vulnerable versions: <= 2.1.19; Fixed in: 2.1.20; OWASP Top 10: A2: Broken Authentication; Classification: Broken Authentication; CVE: CVE-2023-27456; Patch priority: Medium; CVSS severity: Medium 4.3; Developer: Claim ownership; PSID: 9519255e632c; Credits: Dave Jong Patchstack; Required...
WordPress WoodMart Theme 7.1.1 Cross Site Request Forgery
==== Z://USB-00RESEARCH/WORDPRESS/ ============================================= 2023 == Report Title: WordPress WoodMart Theme deactivate; $this-notices-addsuccess 'Theme license is successfully deactivated.' ; return; if isset $POST'woodmart-purchase-code' &...
WordPress WoodMart Theme 7.1.0 Shortcodes Injection Vulnerability
The WoodMart premium theme for WordPress is vulnerable to unauthenticated arbitrary shortcodes injection in versions 7.1.0 and below. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. ==== Z://USB-00RESEARCH/WORDPRESS/...
WordPress Calculated Fields Form Plugin <= 1.1.120 is vulnerable to Other Vulnerability Type
Software: Calculated Fields Form; Type: Plugin; Vulnerable versions: <= 1.1.120; Fixed in: 1.1.121; OWASP Top 10: A5: Broken Access Control; Classification: Other Vulnerability Type; CVE: CVE-2023-26523; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: b1f5377f573e; Credits: István Márton...
WordPress OceanWP Theme <= 3.4.1 is vulnerable to Local File Inclusion
Software: OceanWP; Type: Theme; Vulnerable versions: <= 3.4.1; Fixed in: 3.4.2; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2023-23700; Patch priority: High; CVSS severity: High 7.6; Developer: Claim ownership; PSID: 78647cd015a5; Credits: Rafie Muhammad Patchstack; Required privilege...
WordPress Houzez Theme <= 2.7.1 is vulnerable to Privilege Escalation
Software: Houzez; Type: Theme; Vulnerable versions: <= 2.7.1; Fixed in: 2.7.2; OWASP Top 10: A6: Security Misconfiguration; Classification: Privilege Escalation; CVE: CVE-2023-26540; Patch priority: High; CVSS severity: High 9.8; Developer: Claim ownership; PSID: b55954a80a37; Credits: Dave Jong Patchstack; Required...
WordPress Zendrop – Global Dropshipping Plugin <= 1.0.0 is vulnerable to Arbitrary File Upload
Software: Zendrop – Global Dropshipping; Type: Plugin; Vulnerable versions: <= 1.0.0; Fixed in: 1.0.1; OWASP Top 10: A2: Broken Authentication; Classification: Arbitrary File Upload; CVE: CVE-2023-25970; Patch priority: High; CVSS severity: High 10; Developer: Claim ownership; PSID: 180f30af21a8; Credits: Dave Jong...
WordPress Houzez Login Register Plugin <= 2.6.3 is vulnerable to Privilege Escalation
Software: Houzez Login Register; Type: Plugin; Vulnerable versions: <= 2.6.3; Fixed in: 2.6.4; OWASP Top 10: A6: Security Misconfiguration; Classification: Privilege Escalation; CVE: CVE-2023-26009; Patch priority: High; CVSS severity: High 9.8; Developer: Claim ownership; PSID: b750f0181968; Credits: Dave Jong Patchsta...
WordPress Contextual Related Posts Plugin <= 3.3.1 is vulnerable to Broken Access Control
Software: Contextual Related Posts; Type: Plugin; Vulnerable versions: <= 3.3.1; Fixed in: 3.3.2; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: N/A; Patch priority: Medium; CVSS severity: Medium 4.3; Developer: WebberZone; PSID: e8edb816581c; Credits: WordFence; Required privilege...
WordPress WP Dynamic Keywords Injector Plugin <= 2.3.15 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP Dynamic Keywords Injector; Type: Plugin; Vulnerable versions: <= 2.3.15; Fixed in: 2.3.16; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-47141; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: c2248ca9d15a; Credits...
WordPress ProfilePress Plugin <= 4.5.4 is vulnerable to Cross Site Scripting (XSS)
Software: ProfilePress; Type: Plugin; Vulnerable versions: <= 4.5.4; Fixed in: 4.5.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-23820; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 1dded0badc30; Credits: Rafie Muhammad Patchstack...
WordPress UsersWP Plugin <= 1.2.3.9 is vulnerable to CSV Injection
Software: UsersWP; Type: Plugin; Vulnerable versions: <= 1.2.3.9; Fixed in: 1.2.3.10; OWASP Top 10: A1: Injection; Classification: CSV Injection; CVE: CVE-2022-47442; Patch priority: Low; CVSS severity: Low 5.8; Developer: Claim ownership; PSID: 9e86dfeb7cfc; Credits: Justiice; Required privilege: Subscriber; Published: 20...
WordPress WP Coder Plugin < 2.5.4 is vulnerable to SQL Injection
Software: WP Coder; Type: Plugin; Vulnerable versions: < 2.5.4; Fixed in: 2.5.4; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-0895; Patch priority: Low; CVSS severity: Low 5.5; Developer: Claim ownership; PSID: af35ebdc8e18; Credits: Etan Imanol Castro Aldrete; Required privilege: Administrator...