3797 matches found
WordPress MainWP UpdraftPlus Extension Plugin <= 4.0.6 is vulnerable to Settings Change
Software: MainWP UpdraftPlus Extension; Type: Plugin; Vulnerable versions: <= 4.0.6; Fixed in: 4.0.7; OWASP Top 10: A5: Broken Access Control; Classification: Settings Change; CVE: CVE-2023-23658; Patch priority: High; CVSS severity: High (6.5); PSID: c87cd5d840bf; Credits: Dave Jong (Patchstack)...
WordPress MainWP Buddy Extension Plugin <= 4.0.1 is vulnerable to Broken Access Control
Software: MainWP Buddy Extension; Type: Plugin; Vulnerable versions: <= 4.0.1; Fixed in: 4.0.3; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-23747; Patch priority: Medium; CVSS severity: Medium (5.4); PSID: 02ced2ec53b5; Credits: Dave Jong...
WordPress MainWP Maintenance Extension Plugin <= 4.1.1 is vulnerable to SQL Injection
Software: MainWP Maintenance Extension; Type: Plugin; Vulnerable versions: <= 4.1.1; Fixed in: 4.1.2; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-23660; Patch priority: High; CVSS severity: High (8.5); PSID: 9ddad2ceeae4; Credits: Dave Jong (Patchstack); Required...
WordPress MainWP Maintenance Extension Plugin <= 4.1.1 is vulnerable to Settings Change
Software: MainWP Maintenance Extension; Type: Plugin; Vulnerable versions: <= 4.1.1; Fixed in: 4.1.2; OWASP Top 10: A5: Broken Access Control; Classification: Settings Change; CVE: CVE-2023-23662; Patch priority: Medium; CVSS severity: Medium (5.4); PSID: 8194a64eddf2; Credits: Dave Jong...
WordPress MainWP Favorites Extension Plugin <= 4.0.10 is vulnerable to Broken Access Control
Software: MainWP Favorites Extension; Type: Plugin; Vulnerable versions: <= 4.0.10; Fixed in: 4.0.11; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-23739; Patch priority: High; CVSS severity: High (7.7); PSID: 74613185c5a7; Credits: Dave Jong...
WordPress MainWP File Uploader Extension Plugin <= 4.1 is vulnerable to Arbitrary File Deletion
Software: MainWP File Uploader Extension; Type: Plugin; Vulnerable versions: <= 4.1; Fixed in: 4.1.1; OWASP Top 10: A5: Broken Access Control; Classification: Arbitrary File Deletion; CVE: CVE-2023-23653; Patch priority: High; CVSS severity: High (7.7); PSID: 7641346095c5; Credits: Dave Jong...
WordPress MainWP Staging Extension Plugin <= 4.0.3 is vulnerable to Broken Access Control
Software: MainWP Staging Extension; Type: Plugin; Vulnerable versions: <= 4.0.3; Fixed in: 4.0.4; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-23639; Patch priority: Medium; CVSS severity: Medium (5.4); PSID: bd391a4b93d5; Credits: Dave Jong...
WordPress MainWP File Uploader Extension Plugin <= 4.1 is vulnerable to Arbitrary File Upload
Software: MainWP File Uploader Extension; Type: Plugin; Vulnerable versions: <= 4.1; Fixed in: 4.1.1; OWASP Top 10: A6: Security Misconfiguration; Classification: Arbitrary File Upload; CVE: CVE-2023-23656; Patch priority: High; CVSS severity: High (10); PSID: f49d8364bda5; Credits: Dave Jong...
WordPress MainWP WordPress SEO Extension Plugin <= 4.0.1 is vulnerable to Broken Access Control
Software: MainWP WordPress SEO Extension; Type: Plugin; Vulnerable versions: <= 4.0.1; Fixed in: 4.0.3; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-23746; Patch priority: Medium; CVSS severity: Medium (5.4); PSID: eb8b01abda06; Credits: Dave Jon...
WordPress MagicForm Plugin <= 0.1 is vulnerable to Cross Site Scripting (XSS)
Software: MagicForm; Type: Plugin; Vulnerable versions: <= 0.1; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-47592; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 3819918430b2; Credits: minhtuanact; Required...
WordPress Advanced Custom Fields: Image Crop Add-on Plugin <= 1.4.12 is vulnerable to Broken Access Control
Software: Advanced Custom Fields: Image Crop Add-on; Type: Plugin; Vulnerable versions: <= 1.4.12; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-22676; Patch priority: Low; CVSS severity: Low (3.1); PSID: ae467650d1f0; Credits: Istv...
WordPress Vimeo Video Autoplay Automute Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software: Vimeo Video Autoplay Automute; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0153; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: 6b9ac437c259; Credits: István...
WordPress Youtube Channel Gallery Plugin <= 2.4 is vulnerable to Cross Site Scripting (XSS)
Software: Youtube Channel Gallery; Type: Plugin; Vulnerable versions: <= 2.4; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-4783; Patch priority: Medium; CVSS severity: Medium (6.4); PSID: d89263cd84d3; Credits: István Márton...
WordPress FL3R FeelBox Plugin <= 8.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: FL3R FeelBox; Type: Plugin; Vulnerable versions: <= 8.1; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-4553; Patch priority: Low; CVSS severity: Low (4.7); PSID: 95a213692f20; Credits: WPScan; Required privilege...
WordPress 10Web Map Builder for Google Maps Plugin < 1.0.72 is vulnerable to Cross Site Scripting (XSS)
Software: 10Web Map Builder for Google Maps; Type: Plugin; Vulnerable versions: < 1.0.72; Fixed in: 1.0.72; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-4758; Patch priority: Medium; CVSS severity: Medium (6.3); PSID: 6eb19701ed4e; Credits...
WordPress club-theme Theme < 10 is vulnerable to Arbitrary File Upload
Software: club-theme; Type: Theme; Vulnerable versions: < 10; Fixed in: N/A; OWASP Top 10: A6: Security Misconfiguration; Classification: Arbitrary File Upload; CVE: CVE-2022-0316; Patch priority: High; CVSS severity: High (10); PSID: c1148e89d858; Credits: Joshua Small; Required privilege...
WordPress Store Locator WordPress Plugin < 1.4.9 is vulnerable to Cross Site Scripting (XSS)
Software: Store Locator WordPress; Type: Plugin; Vulnerable versions: < 1.4.9; Fixed in: 1.4.9; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-4832; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: 643ae0b35cd8; Credits: István Márto...
WordPress BruteBank – WP Security & Firewall Plugin < 1.9 is vulnerable to Cross Site Request Forgery (CSRF)
Software: BruteBank – WP Security & Firewall; Type: Plugin; Vulnerable versions: < 1.9; Fixed in: 1.9; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-4443; Patch priority: Low; CVSS severity: Low (4.3); PSID: 6404457f092f; Credits: rezadut...
WordPress WHA Puzzle plugin <= 1.0.9 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien (Patchstack Alliance) in WordPress WHA Puzzle plugin versions <= 1.0.9. Solution: No patched version available...
WordPress Image Map Pro premium plugin <= 5.5.0 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were discovered by Dave Jong (Patchstack) in the WordPress Image Map Pro premium plugin versions <= 5.5.0. Solution: No patched version is available. No reply from the vendor for a long time...