WordPress WooCommerce Conversion Tracking Plugin <= 2.0.11 is vulnerable to Broken Access Control

Software WooCommerce Conversion Tracking Type Plugin Vulnerable versions = 2.0.11 Fixed in 2.0.12 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-52217 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 83cd471b97c1 Credits Abdi...

WordPress FooGallery Premium Plugin <= 2.3.3 is vulnerable to Cross Site Scripting (XSS)

Software FooGallery Premium Type Plugin Vulnerable versions = 2.3.3 Fixed in 2.4.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6747 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 6e234ed1eb7c Credits WordFence Required...

WordPress OMGF | Host Google Fonts Locally Plugin <= 5.7.9 is vulnerable to Broken Access Control

Software OMGF | Host Google Fonts Locally Type Plugin Vulnerable versions = 5.7.9 Fixed in 5.7.10 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-6600 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID f1d5094ff494 Credits Lucio Sá...

WordPress 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery Plugin <= 1.15.2 is vulnerable to Cross Site Scripting (XSS)

Software 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery Type Plugin Vulnerable versions = 1.15.2 Fixed in 1.15.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6776 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID...

WordPress Post SMTP Plugin <= 2.8.6 is vulnerable to Cross Site Scripting (XSS)

Software Post SMTP Type Plugin Vulnerable versions = 2.8.6 Fixed in 2.8.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6629 Patch priority Medium CVSS severity Medium 7.1 Developer WPExperts PSID 5ffadd1b9885 Credits Matan Berson matanber Required...

WordPress WP SMS Plugin <= 6.5 is vulnerable to SQL Injection

Software WP SMS Type Plugin Vulnerable versions = 6.5 Fixed in 6.5.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-6981 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 0cdcc4de6b6a Credits Krzysztof Zając Required privilege Administrator Published 3...

WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Plugin <= 4.3.0 is vulnerable to Broken Access Control

Software WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Type Plugin Vulnerable versions = 4.3.0 Fixed in 4.3.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-7068 Patch priority Low CVSS severity Low 4.3 Developer Claim...

WordPress Page Builder: Live Composer Plugin <= 1.5.23 is vulnerable to Cross Site Scripting (XSS)

Software Page Builder: Live Composer Type Plugin Vulnerable versions = 1.5.23 Fixed in 1.5.24 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-52193 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 70cd66e65bfa Credits Ngô Thiên An ancorn from...

WordPress HTML5 SoundCloud Player Plugin <= 2.8.0 is vulnerable to PHP Object Injection

Software HTML5 SoundCloud Player Type Plugin Vulnerable versions = 2.8.0 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2023-52205 Patch priority High CVSS severity High 9.1 Developer Claim ownership PSID 39ab4c99fd96 Credits Rafie Muhammad Patchstack Required...

WordPress Coupon Referral Program Plugin <= 1.7.2 is vulnerable to Sensitive Data Exposure

Software Coupon Referral Program Type Plugin Vulnerable versions = 1.7.2 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2023-52190 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 3514be0010e5 Credits Dave Jong Patchstac...

WordPress Post SMTP Plugin <= 2.8.7 is vulnerable to Cross Site Scripting (XSS)

Software Post SMTP Type Plugin Vulnerable versions = 2.8.7 Fixed in 2.8.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-7027 Patch priority Medium CVSS severity Medium 7.1 Developer WPExperts PSID 7142ca21bf69 Credits Sean Murphy Required privilege...

WordPress Image Source Control Plugin <= 2.17.0 is vulnerable to Sensitive Data Exposure

Software Image Source Control Type Plugin Vulnerable versions = 2.17.0 Fixed in 2.17.1 OWASP Top 10 A9: Security Logging and Monitoring Failures Classification Sensitive Data Exposure CVE CVE-2023-52187 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 66572409bd51 Credits...

WordPress Theme per user Plugin <= 1.0.1 is vulnerable to PHP Object Injection

Software Theme per user Type Plugin Vulnerable versions = 1.0.1 Fixed in 1.0.2 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2023-52181 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 74baf7cbbeba Credits Rafie Muhammad Patchstack Required privile...

WordPress ARI Stream Quiz Plugin <= 1.3.0 is vulnerable to PHP Object Injection

Software ARI Stream Quiz Type Plugin Vulnerable versions = 1.3.0 Fixed in 1.3.1 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2023-52182 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID c9a4f35de1f1 Credits Rafie Muhammad Patchstack Required...

WordPress WordPress Backup & Migration Plugin <= 1.4.3 is vulnerable to Broken Access Control

Software WordPress Backup & Migration Type Plugin Vulnerable versions = 1.4.3 Fixed in 1.4.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-52183 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID e20ae588b69a Credits Abdi Pranata...

WordPress Floating Button Plugin <= 6.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Floating Button Type Plugin Vulnerable versions = 6.0 Fixed in 6.0.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-52149 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 33e4d5b87e73 Credits Skalucy Required...

WordPress Affiliates Manager Plugin <= 2.9.30 is vulnerable to Sensitive Data Exposure

Software Affiliates Manager Type Plugin Vulnerable versions = 2.9.30 Fixed in 2.9.31 OWASP Top 10 A9: Security Logging and Monitoring Failures Classification Sensitive Data Exposure CVE CVE-2023-52148 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 6d65e80d0f2d Credits...

WordPress Product Feed Manager Plugin <= 7.3.15 is vulnerable to Directory Traversal

Software Product Feed Manager Type Plugin Vulnerable versions = 7.3.15 Fixed in 7.3.16 OWASP Top 10 A4: Insecure Design Classification Directory Traversal CVE CVE-2023-52144 Patch priority Low CVSS severity Low 5.5 Developer WPFunnels Team PSID 19683c0fecc1 Credits Muhammad Daffa Required privile...

WordPress Republish Old Posts Plugin <= 1.21 is vulnerable to Cross Site Request Forgery (CSRF)

Software Republish Old Posts Type Plugin Vulnerable versions = 1.21 Fixed in 1.27 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-52145 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 5a397512a40f Credits Skalucy Required...

WordPress 404 Solution Plugin <= 2.33.0 is vulnerable to Sensitive Data Exposure

Software 404 Solution Type Plugin Vulnerable versions = 2.33.0 Fixed in 2.33.1 OWASP Top 10 A9: Security Logging and Monitoring Failures Classification Sensitive Data Exposure CVE CVE-2023-52146 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 8e10ffdc1b34 Credits Joshua Ch...