WordPress ZeroBounce Email Verification & Validation Plugin <= 1.0.11 is vulnerable to Cross Site Scripting (XSS)

Software ZeroBounce Email Verification & Validation Type Plugin Vulnerable versions = 1.0.11 Fixed in 1.0.12 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-51374 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID acd9ba4e664e Credits DoYeon Pa...

WordPress WC Marketplace Plugin <= 4.0.23 is vulnerable to Broken Access Control

Software WC Marketplace Type Plugin Vulnerable versions = 4.0.23 Fixed in 4.0.24 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-51355 Patch priority High CVSS severity High 8.2 Developer Claim ownership PSID 98133d2bdac6 Credits thiennv Required privilege...

WordPress New User Approve Plugin <= 2.5.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software New User Approve Type Plugin Vulnerable versions = 2.5.1 Fixed in 2.5.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-50902 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 064c7d29ebf0 Credits RE-ALTER Required...

WordPress Conversios.io Plugin <= 6.5.0 is vulnerable to Broken Access Control

Software Conversios.io Type Plugin Vulnerable versions = 6.5.0 Fixed in 6.5.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-51357 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID 76d9ded19161 Credits Mika Required privilege...

WordPress Product Catalog Enquiry for WooCommerce by MultiVendorX Plugin <= 5.0.2 is vulnerable to Broken Access Control

Software Product Catalog Enquiry for WooCommerce by MultiVendorX Type Plugin Vulnerable versions = 5.0.2 Fixed in 5.0.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-50899 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 1d8bd2186a...

WordPress User Feedback Plugin <= 1.0.10 is vulnerable to Broken Access Control

Software User Feedback Type Plugin Vulnerable versions = 1.0.10 Fixed in 1.0.11 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-50887 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 72613a1d0e22 Credits Revan Arifio Required privile...

WordPress Product Filter by WBW Plugin <= 2.5.0 is vulnerable to Broken Access Control

Software Product Filter by WBW Type Plugin Vulnerable versions = 2.5.0 Fixed in 2.5.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-50877 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID b4377cfc0c43 Credits Abdi Pranata...

WordPress MStore API Plugin <= 4.10.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software MStore API Type Plugin Vulnerable versions = 4.10.1 Fixed in 4.10.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-50878 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID f4e7104141c9 Credits Mika Required privileg...

WordPress ProfilePress Plugin <= 4.13.2 is vulnerable to Broken Access Control

Software ProfilePress Type Plugin Vulnerable versions = 4.13.2 Fixed in 4.13.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-50882 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID a2e889cf5486 Credits Revan Arifio Required privileg...

WordPress Sticky Chat Widget Plugin <= 1.1.8 is vulnerable to Cross Site Scripting (XSS)

Software Sticky Chat Widget Type Plugin Vulnerable versions = 1.1.8 Fixed in 1.1.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-51361 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 0466bd6e4c4f Credits emad Required privilege Administrat...

WordPress LA-Studio Element Kit for Elementor Plugin <= 1.1.5 is vulnerable to Broken Access Control

Software LA-Studio Element Kit for Elementor Type Plugin Vulnerable versions = 1.1.5 Fixed in 1.1.6 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-50884 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 0dcf79343479 Credits thiennv...

WordPress Essential Blocks for Gutenberg Plugin <= 4.2.0 is vulnerable to Broken Access Control

Software Essential Blocks for Gutenberg Type Plugin Vulnerable versions = 4.2.0 Fixed in 4.2.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-51360 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID aa89b26b64fb Credits Rafie Muhamm...

WordPress ProjectHuddle Client Site Plugin <= 1.0.34 is vulnerable to Broken Access Control

Software ProjectHuddle Client Site Type Plugin Vulnerable versions = 1.0.34 Fixed in 1.0.35 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-51376 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 662f316bbcd6 Credits Rafie...

WordPress HT Mega Plugin <= 2.3.8 is vulnerable to Cross Site Scripting (XSS)

Software HT Mega Type Plugin Vulnerable versions = 2.3.8 Fixed in 2.3.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-50901 Patch priority Medium CVSS severity Medium 7.1 Developer HTMega PSID 46290c97b255 Credits Le Ngoc Anh Required privilege Unauthenticated...

Congress Sure Made a Lot of Noise About Kids’ Privacy in 2023—and Not Much Else

Members of the US Congress touted improvements to children’s privacy protections as an urgent priority. So why didn’t they do anything about it?...

WordPress Add Any Extension to Pages Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Add Any Extension to Pages Type Plugin Vulnerable versions = 1.4 Fixed in 1.5 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-50873 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID b3821f100fa4 Credits Nguyen Xuan...

WordPress Amelia Plugin <= 1.0.85 is vulnerable to Cross Site Scripting (XSS)

Software Amelia Type Plugin Vulnerable versions = 1.0.85 Fixed in 1.0.86 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-50860 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 27837f5455f3 Credits Ngô Thiên An ancorn from VNPT-VCI Required...

WordPress RegistrationMagic Plugin <= 5.2.4.5 is vulnerable to SQL Injection

Software RegistrationMagic Type Plugin Vulnerable versions = 5.2.4.5 Fixed in 5.2.4.6 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-50846 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 9ebe43b2d455 Credits Muhammad Daffa Required privilege...

WordPress Booking Manager Plugin <= 2.1.5 is vulnerable to SQL Injection

Software Booking Manager Type Plugin Vulnerable versions = 2.1.5 Fixed in 2.1.6 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-50840 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID 1f8bbef81167 Credits Ngô Thiên An ancorn from VNPT-VCI Required...

WordPress Paid Memberships Pro Plugin <= 2.12.5 is vulnerable to Broken Access Control

Software Paid Memberships Pro Type Plugin Vulnerable versions = 2.12.5 Fixed in 2.12.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-6855 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID fb6688b14c42 Credits Webbernaut Required...