WordPress Spice Post Slider Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)
Software: Spice Post Slider; Type: Plugin; Vulnerable versions: <= 2.0; Fixed in: 2.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-5362; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 963f12e8b291; Credits: István Márton; Required...
WordPress Import Export WordPress Users Plugin <= 2.4.8 is vulnerable to Arbitrary File Upload
Software: Import Export WordPress Users; Type: Plugin; Vulnerable versions: <= 2.4.8; Fixed in: 2.4.9; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2023-6558; Patch priority: Medium; CVSS severity: Medium 9.1; Developer: Claim ownership; PSID: a7515a768629; Credits: István Márton; Required...
CVE-2023-5616
In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user...
WordPress Popup Builder Plugin < 4.2.3 is vulnerable to Cross Site Scripting (XSS)
Software: Popup Builder; Type: Plugin; Vulnerable versions: < 4.2.3; Fixed in: 4.2.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-6000; Patch priority: High; CVSS severity: High 7.1; Developer: Claim ownership; PSID: 14212aacf7f9; Credits: Marc Montpas; Required...
WordPress Welcart e-Commerce Plugin <= 2.9.6 is vulnerable to Path Traversal
Software: Welcart e-Commerce; Type: Plugin; Vulnerable versions: <= 2.9.6; Fixed in: 2.9.7; OWASP Top 10: A5: Security Misconfiguration; Classification: Path Traversal; CVE: CVE-2023-6120; Patch priority: Medium; CVSS severity: Medium 4.1; Developer: Claim ownership; PSID: 545792f26683; Credits: Marco Wotschka; Required...
priorityconciergemd.com Improper Access Control vulnerability OBB-3808462
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
WordPress Alt Manager Plugin <= 1.6.1 is vulnerable to Broken Access Control
Software: Alt Manager; Type: Plugin; Vulnerable versions: <= 1.6.1; Fixed in: 1.6.2; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-50373; Patch priority: Medium; CVSS severity: Medium 5.3; Developer: Claim ownership; PSID: d15fcb372f33; Credits: Nguyen Xuan Chien; Required...
WordPress Social Media Feather Plugin <= 2.1.3 is vulnerable to Broken Access Control
Software: Social Media Feather; Type: Plugin; Vulnerable versions: <= 2.1.3; Fixed in: 2.1.4; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-49861; Patch priority: Medium; CVSS severity: Medium 4.3; Developer: Claim ownership; PSID: c21113708404; Credits: Abdi Pranata...
WordPress Smart Forms Plugin <= 2.6.84 is vulnerable to Broken Access Control
Software: Smart Forms; Type: Plugin; Vulnerable versions: <= 2.6.84; Fixed in: 2.6.85; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-49856; Patch priority: High; CVSS severity: High 8.1; Developer: Claim ownership; PSID: 636ea1edcfea; Credits: Abdi Pranata; Required privile...
WordPress Custom Login Plugin <= 4.1.0 is vulnerable to Broken Access Control
Software: Custom Login; Type: Plugin; Vulnerable versions: <= 4.1.0; Fixed in: 4.1.1; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-49858; Patch priority: Medium; CVSS severity: Medium 4.3; Developer: Claim ownership; PSID: 0dfaac0266be; Credits: Abdi Pranata; Required...
WordPress Custom Post Type Page Template Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Custom Post Type Page Template; Type: Plugin; Vulnerable versions: <= 1.1; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-50372; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 6e58dd1aa617; Credits: Nguyen...
WordPress Login With Ajax Plugin <= 4.1 is vulnerable to Broken Access Control
Software: Login With Ajax; Type: Plugin; Vulnerable versions: <= 4.1; Fixed in: 4.2; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-49859; Patch priority: Medium; CVSS severity: Medium 4.3; Developer: Claim ownership; PSID: 3990b3ba7420; Credits: Abdi Pranata; Required...
WordPress Awesome Support Plugin <= 6.1.7 is vulnerable to Broken Access Control
Software: Awesome Support; Type: Plugin; Vulnerable versions: <= 6.1.7; Fixed in: 6.1.8; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-49857; Patch priority: High; CVSS severity: High 6.5; Developer: Claim ownership; PSID: 75c871c2eac0; Credits: thiennv; Required privilege...
CVE-2023-46219
When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use...
WordPress Burst Statistics Pro Plugin 1.4.0-1.5.0 is vulnerable to SQL Injection
Software: Burst Statistics Pro; Type: Plugin; Vulnerable versions: 1.4.0-1.5.0; Fixed in: 1.5.1; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2023-5761; Patch priority: High; CVSS severity: High 9.8; Developer: Claim ownership; PSID: fbf5617c0e05; Credits: German Ritter; Required privilege...
WordPress Elementor Website Builder Plugin 3.3.0-3.18.1 is vulnerable to Arbitrary File Upload
Software: Elementor Website Builder; Type: Plugin; Vulnerable versions: 3.3.0-3.18.1; Fixed in: 3.18.2; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2023-48777; Patch priority: High; CVSS severity: High 9.9; Developer: Elementor; PSID: 64baf5c2aab5; Credits: Hồng Quân luk6785 at VNPT-VCI...
WordPress Bacola Core Plugin <= 1.3.3 is vulnerable to Cross Site Scripting (XSS)
Software: Bacola Core; Type: Plugin; Vulnerable versions: <= 1.3.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-49839; Patch priority: High; CVSS severity: High 7.1; Developer: Claim ownership; PSID: d717888feaf6; Credits: RE-ALTER; Required privilege: Unauthenticate...
WordPress Cookie Bar Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)
Software: Cookie Bar; Type: Plugin; Vulnerable versions: <= 2.0; Fixed in: 2.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-49836; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: 703ecb793ab1; Credits: Muhammad Daffa; Required privilege: Administrator...
WordPress Spectra Plugin <= 2.7.9 is vulnerable to Cross Site Scripting (XSS)
Software: Spectra; Type: Plugin; Vulnerable versions: <= 2.7.9; Fixed in: 2.7.10; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-49833; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 70385286c341; Credits: Rafie Muhammad Patchstack; Required privilege...
WordPress Soledad Theme <= 8.4.1 is vulnerable to PHP Object Injection
Software: Soledad; Type: Theme; Vulnerable versions: <= 8.4.1; Fixed in: 8.4.2; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2023-49826; Patch priority: Medium; CVSS severity: Medium 8.1; Developer: Claim ownership; PSID: c3ecdbf607cb; Credits: Rafie Muhammad Patchstack; Required privilege...