WordPress Upfrontwp Theme <= 1.1 is vulnerable to Cross Site Scripting (XSS)

Software Upfrontwp Type Theme Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-24009 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 4e64aada38f6 Credits Dave Jong Patchstack Required...

WordPress WP Review Slider Plugin < 12.2 is vulnerable to SQL Injection

Software WP Review Slider Type Plugin Vulnerable versions 12.2 Fixed in 12.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0260 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 47e53f2f24b7 Credits István Márton Required privilege Subscriber Publish...

WordPress Twenty20 Image Before-After Plugin <= 1.7.2 is vulnerable to Cross Site Scripting (XSS)

Software Twenty20 Image Before-After Type Plugin Vulnerable versions = 1.7.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4580 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID d082c511a4c8 Credits István...

WordPress WP TripAdvisor Review Slider Plugin < 10.8 is vulnerable to SQL Injection

Software WP TripAdvisor Review Slider Type Plugin Vulnerable versions 10.8 Fixed in 10.8 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0261 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID dcd0212f495a Credits István Márton Required privilege...

WordPress WP Go Maps Plugin <= 9.0.15 is vulnerable to Directory Traversal

Software WP Go Maps Type Plugin Vulnerable versions = 9.0.15 Fixed in 9.0.16 OWASP Top 10 A3: Sensitive Data Exposure Classification Directory Traversal CVE CVE-2022-47595 Patch priority Low CVSS severity Low 4.9 Developer WP Go Maps PSID ce001c792740 Credits rezaduty Required privilege...

WordPress Quick Event Manager Plugin <= 9.7.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Quick Event Manager Type Plugin Vulnerable versions = 9.7.4 Fixed in 9.7.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-23974 Patch priority Low CVSS severity Low 5.4 Developer Fullworks Plugins PSID 5e2ae440ff0d Credits yuyudhn...

WordPress MainWP Rocket Extension Plugin <= 4.0.3 is vulnerable to Settings Change

Software MainWP Rocket Extension Type Plugin Vulnerable versions = 4.0.3 Fixed in 4.0.4 OWASP Top 10 A5: Broken Access Control Classification Settings Change CVE CVE-2023-23665 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 5dab77b10cf4 Credits Dave Jong Patchstack...

WordPress MainWP BlogVault Backup Extension Plugin <= 1.3 is vulnerable to Broken Access Control

Software MainWP BlogVault Backup Extension Type Plugin Vulnerable versions = 1.3 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23741 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID a23fba51ad99 Credits Dave Jong...

WordPress MainWP Post Dripper Extension Plugin <= 4.0.4 is vulnerable to Arbitrary Content Deletion

Software MainWP Post Dripper Extension Type Plugin Vulnerable versions = 4.0.4 Fixed in 4.0.5 OWASP Top 10 A5: Broken Access Control Classification Arbitrary Content Deletion CVE CVE-2023-23661 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID a90f0687ae2a Credits Dave Jon...

WordPress MainWP iThemes Security Extension Plugin <= 4.1.1 is vulnerable to Broken Access Control

Software MainWP iThemes Security Extension Type Plugin Vulnerable versions = 4.1.1 Fixed in 4.1.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23643 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 4ac1fa6eea51 Credits Dave...

WordPress MainWP Google Analytics Extension Plugin <= 4.0.4 is vulnerable to Settings Change

Software MainWP Google Analytics Extension Type Plugin Vulnerable versions = 4.0.4 Fixed in 4.0.5 OWASP Top 10 A5: Broken Access Control Classification Settings Change CVE CVE-2023-23652 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID cef3e9a579b0 Credits Dave Jong...

WordPress MainWP Page Speed Extension Plugin <= 4.0.2 is vulnerable to Broken Access Control

Software MainWP Page Speed Extension Type Plugin Vulnerable versions = 4.0.2 Fixed in 4.0.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23644 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID c113f0a834c9 Credits Dave Jong...

WordPress MainWP Boilerplate Extension Plugin <= 4.1 is vulnerable to Broken Access Control

Software MainWP Boilerplate Extension Type Plugin Vulnerable versions = 4.1 Fixed in 4.1.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23745 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID bc472be7aa50 Credits Dave Jong...

WordPress MainWP UpdraftPlus Extension Plugin <= 4.0.6 is vulnerable to Broken Access Control

Software MainWP UpdraftPlus Extension Type Plugin Vulnerable versions = 4.0.6 Fixed in 4.0.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23640 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 075f06640c08 Credits Dave Jong...

WordPress MainWP Broken Links Checker Extension Plugin <= 4.0 is vulnerable to Broken Access Control

Software MainWP Broken Links Checker Extension Type Plugin Vulnerable versions = 4.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23736 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 20475e0a5f4c Credits Dave...

WordPress MainWP Broken Links Checker Extension Plugin <= 4.0 is vulnerable to SQL Injection

Software MainWP Broken Links Checker Extension Type Plugin Vulnerable versions = 4.0 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-23737 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 1b463b65a14d Credits Dave Jong Patchstack Required...

WordPress MainWP Code Snippets Extension Plugin <= 4.0.2 is vulnerable to Cross Site Scripting (XSS)

Software MainWP Code Snippets Extension Type Plugin Vulnerable versions = 4.0.2 Fixed in 4.0.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23650 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 27d865081452 Credits Dave...

WordPress MainWP Boilerplate Extension Plugin <= 4.1 is vulnerable to Broken Access Control

Software MainWP Boilerplate Extension Type Plugin Vulnerable versions = 4.1 Fixed in 4.1.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23744 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID dc04c8344b84 Credits Dave Jong...

WordPress MainWP Code Snippets Extension Plugin <= 4.0.2 is vulnerable to Broken Access Control

Software MainWP Code Snippets Extension Type Plugin Vulnerable versions = 4.0.2 Fixed in 4.0.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23655 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID e9535c2d9219 Credits Dave Jon...

WordPress MainWP Code Snippets Extension Plugin <= 4.0.2 is vulnerable to Arbitrary Code Execution

Software MainWP Code Snippets Extension Type Plugin Vulnerable versions = 4.0.2 Fixed in 4.0.3 OWASP Top 10 A1: Injection Classification Arbitrary Code Execution CVE CVE-2023-23645 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID bd9b1b1be741 Credits Dave Jong Patchstack...