447 matches found
WordPress Media File Renamer Plugin <= 5.6.9 is vulnerable to Sensitive Data Exposure
Software Media File Renamer Type Plugin Vulnerable versions = 5.6.9 Fixed in 5.7.0 OWASP Top 10 A9: Security Logging and Monitoring Failures Classification Sensitive Data Exposure CVE CVE-2023-44991 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c8e129aba6bd Credits Joshu...
WordPress WCFM Marketplace Plugin <= 3.6.2 is vulnerable to Cross Site Scripting (XSS)
Software WCFM Marketplace Type Plugin Vulnerable versions = 3.6.2 Fixed in 3.6.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4960 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0283a85d23db Credits István Márton Required...
WordPress Salient Core Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS)
Software Salient Core Type Plugin Vulnerable versions = 2.0.2 Fixed in 2.0.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-48749 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ef3d6f0a3d43 Credits Rafie Muhammad Patchstack Required...
WordPress Captcha Code Plugin <= 2.9 is vulnerable to Bypass Vulnerability
Software Captcha Code Type Plugin Vulnerable versions = 2.9 Fixed in 3.0 OWASP Top 10 A5: Security Misconfiguration Classification Bypass Vulnerability CVE CVE-2023-48745 Patch priority Low CVSS severity Low 5.3 Developer WebFactory Ltd. PSID c2ae3ab19d4d Credits qilin99 Required privilege...
WordPress MyBookTable Bookstore Plugin <= 3.3.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software MyBookTable Bookstore Type Plugin Vulnerable versions = 3.3.4 Fixed in 3.3.5 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-48331 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ac06dff1976c Credits Nguyen Xuan...
WordPress Awesome Support Plugin <= 6.1.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software Awesome Support Type Plugin Vulnerable versions = 6.1.4 Fixed in 6.1.5 OWASP Top 10 A2: Broken Authentication Classification Cross Site Request Forgery CSRF CVE CVE-2023-48323 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID afdaccd9618c Credits thiennv Required...
WordPress Userpro Plugin <= 5.1.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software Userpro Type Plugin Vulnerable versions = 5.1.1 Fixed in 5.1.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-2447 Patch priority Low CVSS severity Low 6.1 Developer Claim ownership PSID f82d076bd579 Credits István Márton Required...
WordPress PayTR Taksit Tablosu Plugin <= 1.3.1 is vulnerable to Broken Access Control
Software PayTR Taksit Tablosu Type Plugin Vulnerable versions = 1.3.1 Fixed in 1.3.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-47847 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 9835cf00a16a Credits Abdi Pranata Required...
WordPress Audio Merchant Plugin <= 5.0.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software Audio Merchant Type Plugin Vulnerable versions = 5.0.4 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-6197 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID b9deef5e9191 Credits Ala Arfaoui Required...
WordPress Jetpack Plugin < 12.7 is vulnerable to Clickjacking
Software Jetpack Type Plugin Vulnerable versions 12.7 Fixed in 12.7 OWASP Top 10 A3: Injection Classification Clickjacking CVE CVE-2023-47774 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 18fefcc21cac Credits Rafie Muhammad Patchstack Required privilege Contributor...
WordPress Product Catalog Simple Plugin <= 1.7.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software Product Catalog Simple Type Plugin Vulnerable versions = 1.7.5 Fixed in 1.7.6 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f2ff5330794a Credits Unknown Required...
WordPress Plainview Protect Passwords Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software Plainview Protect Passwords Type Plugin Vulnerable versions = 1.4 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-47664 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2a5e4c3d7ce6 Credits Mika Requir...
WordPress Code Snippets Plugin <= 3.5.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software Code Snippets Type Plugin Vulnerable versions = 3.5.0 Fixed in 3.6.0 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-47666 Patch priority Low CVSS severity Low 4.3 Developer Code Snippets Pro PSID 3f0e2c5bc521 Credits Huynh Tien Si...
WordPress ARI Stream Quiz Plugin <= 1.3.2 is vulnerable to Content Injection
Software ARI Stream Quiz Type Plugin Vulnerable versions = 1.3.2 Fixed in 1.3.3 OWASP Top 10 A5: Broken Access Control Classification Content Injection CVE CVE-2023-47513 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 942a7b806fcf Credits Abdi Pranata Required privilege...
WordPress WP Google My Business Auto Publish Plugin <= 3.7 is vulnerable to Cross Site Request Forgery (CSRF)
Software WP Google My Business Auto Publish Type Plugin Vulnerable versions = 3.7 Fixed in 3.8 OWASP Top 10 A5: Security Misconfiguration Classification Cross Site Request Forgery CSRF CVE CVE-2023-47237 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 19fe6caa3a0c Credits...
WordPress Admin Bar & Dashboard Access Control Plugin <= 1.2.8 is vulnerable to Cross Site Scripting (XSS)
Software Admin Bar & Dashboard Access Control Type Plugin Vulnerable versions = 1.2.8 Fixed in 1.2.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-47184 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 7931d5b9940f Credits Rachit Arora...
WordPress Grid Plus Plugin <= 1.3.2 is vulnerable to Broken Access Control
Software Grid Plus Type Plugin Vulnerable versions = 1.3.2 Fixed in 1.3.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-34014 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID dd240d0353de Credits Abdi Pranata Required privilege...
WordPress Advanced Booking Calendar Plugin <= 3.2.11 is vulnerable to SQL Injection
Software Advanced Booking Calendar Type Plugin Vulnerable versions = 3.2.11 Fixed in 3.2.12 OWASP Top 10 A1: Injection Classification SQL Injection CVE N/A Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID cef456031167 Credits N/A Required privilege Administrator Published 3...
WordPress Jquery accordion slideshow Plugin <= 8.1 is vulnerable to SQL Injection
Software Jquery accordion slideshow Type Plugin Vulnerable versions = 8.1 Fixed in 8.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5464 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 6c3c2c2de4b5 Credits István Márton Required privilege Contributo...
WordPress Assistant – Every Day Productivity Apps Plugin < 1.4.4 is vulnerable to Server Side Request Forgery (SSRF)
Software Assistant – Every Day Productivity Apps Type Plugin Vulnerable versions 1.4.4 Fixed in 1.4.4 OWASP Top 10 A3: Injection Classification Server Side Request Forgery SSRF CVE CVE-2023-5798 Patch priority Low CVSS severity Low 5.5 Developer Claim ownership PSID 79c75777c183 Credits Ji Yuchen...