WordPress WooCommerce Payments Plugin <= 6.4.2 is vulnerable to Cross Site Scripting (XSS)

Software WooCommerce Payments Type Plugin Vulnerable versions = 6.4.2 Fixed in 6.5.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49828 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 702b702ee838 Credits Rafie Muhammad Patchstack Require...

WordPress Bold Page Builder Plugin <= 4.6.1 is vulnerable to Cross Site Scripting (XSS)

Software Bold Page Builder Type Plugin Vulnerable versions = 4.6.1 Fixed in 4.7.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49823 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1f110d66c795 Credits Ngô Thiên An ancorn from VNPT-VCI...

WordPress LiveChat Plugin <= 4.5.15 is vulnerable to Cross Site Request Forgery (CSRF)

Software LiveChat Type Plugin Vulnerable versions = 4.5.15 Fixed in 4.5.16 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-49821 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID fc152f3c5a19 Credits Brandon Roldan Required...

WordPress Sayfa Sayaç Plugin <= 2.6 is vulnerable to SQL Injection

Software Sayfa Sayaç Type Plugin Vulnerable versions = 2.6 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-49776 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID b5614af7ec8d Credits Rafie Muhammad Patchstack Required privilege...

WordPress Smart External Link Click Monitor [Link Log] Plugin <= 5.0.2 is vulnerable to Cross Site Scripting (XSS)

Software Smart External Link Click Monitor Link Log Type Plugin Vulnerable versions = 5.0.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49771 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1106b9604760 Credits Mika...

WordPress WP Photo Album Plus Plugin <= 8.5.02.005 is vulnerable to Bypass Vulnerability

Software WP Photo Album Plus Type Plugin Vulnerable versions = 8.5.02.005 Fixed in 8.6.01.005 OWASP Top 10 A1: Broken Access Control Classification Bypass Vulnerability CVE CVE-2023-49774 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 23d1af6fe73e Credits Brandon Roldan...

WordPress MW WP Form Plugin <= 5.0.1 is vulnerable to Arbitrary File Upload

Software MW WP Form Type Plugin Vulnerable versions = 5.0.1 Fixed in 5.0.2 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-6316 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 597833164ec3 Credits István Márton Required privilege Unauthenticat...

WordPress Fix My Feed RSS Repair Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Fix My Feed RSS Repair Type Plugin Vulnerable versions = 1.4 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-49816 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 5bdeb04c02b0 Credits Nguyen Xuan Chie...

WordPress Webflow Pages Plugin <= 1.0.8 is vulnerable to Broken Access Control

Software Webflow Pages Type Plugin Vulnerable versions = 1.0.8 Fixed in 1.1.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-49818 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID f0a2c4f0050b Credits Mika Required privilege...

WordPress Structured Content Plugin <= 1.5.3 is vulnerable to Cross Site Scripting (XSS)

Software Structured Content Type Plugin Vulnerable versions = 1.5.3 Fixed in 1.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49820 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4db95a68f57c Credits LVT-tholv2k Required privilege...

WordPress Soledad Theme <= 8.4.1 is vulnerable to SQL Injection

Software Soledad Type Theme Vulnerable versions = 8.4.1 Fixed in 8.4.2 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-49825 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID a78a84399460 Credits Rafie Muhammad Patchstack Required privilege...

WordPress Advanced Database Cleaner Plugin <= 3.1.2 is vulnerable to SQL Injection

Software Advanced Database Cleaner Type Plugin Vulnerable versions = 3.1.2 Fixed in 3.1.3 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-49764 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 18ca57291df6 Credits Mika Required privilege Administrator...

WordPress Adifier System Plugin < 3.1.4 is vulnerable to Local File Inclusion

Software Adifier System Type Plugin Vulnerable versions 3.1.4 Fixed in 3.1.4 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2023-49753 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 193f6f83729d Credits RE-ALTER Required privilege Unauthenticated...

WordPress Adifier System Plugin < 3.1.4 is vulnerable to SQL Injection

Software Adifier System Type Plugin Vulnerable versions 3.1.4 Fixed in 3.1.4 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-49752 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID bdbcb39edd4b Credits RE-ALTER Required privilege Unauthenticated...

WordPress WP Booking System Plugin <= 2.0.19.2 is vulnerable to Broken Access Control

Software WP Booking System Type Plugin Vulnerable versions = 2.0.19.2 Fixed in 2.0.19.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-49758 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID b7e70f6e3332 Credits Abdi Pranata...

WordPress SureTriggers Plugin <= 1.0.23 is vulnerable to Cross Site Request Forgery (CSRF)

Software SureTriggers Type Plugin Vulnerable versions = 1.0.23 Fixed in 1.0.24 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-49749 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 11a6f0afd634 Credits Rafie Muhammad...

WordPress Dashboard Widgets Suite Plugin <= 3.4.1 is vulnerable to Cross Site Scripting (XSS)

Software Dashboard Widgets Suite Type Plugin Vulnerable versions = 3.4.1 Fixed in 3.4.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49743 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID c6ab0c656b0c Credits Rachit Arora Required privileg...

WordPress Couponis Demo Plugin < 2.2 is vulnerable to SQL Injection

Software Couponis Demo Type Plugin Vulnerable versions 2.2 Fixed in 2.2 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-49750 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 697cadbd26d0 Credits RE-ALTER Required privilege Unauthenticated Published 4...

WordPress Awesome Support Plugin <= 6.1.10 is vulnerable to Broken Access Control

Software Awesome Support Type Plugin Vulnerable versions = 6.1.10 Fixed in 6.1.11 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-49757 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 3019bd4f8cbf Credits Abdi Pranata Required...

WordPress Spiffy Calendar Plugin <= 4.9.5 is vulnerable to Cross Site Scripting (XSS)

Software Spiffy Calendar Type Plugin Vulnerable versions = 4.9.5 Fixed in 4.9.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49745 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 28c8f76cf91e Credits resecured.io Required privilege...