WordPress Block for Font Awesome Plugin <= 1.4.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Block for Font Awesome Type Plugin Vulnerable versions = 1.4.0 Fixed in 1.4.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-49751 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 2ae115747c8e Credits Nguyen Xuan...

WordPress Bulk Edit Post Titles Plugin <= 5.0.0 is vulnerable to Broken Access Control

Software Bulk Edit Post Titles Type Plugin Vulnerable versions = 5.0.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-49754 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID cc6753fe92c9 Credits Nguyen Xuan Chien...

WordPress DoFollow Case by Case Plugin <= 3.4.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software DoFollow Case by Case Type Plugin Vulnerable versions = 3.4.2 Fixed in 3.5.0 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-49197 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1e74ba3bfbc6 Credits Skalucy...

WordPress Backup Migration Plugin <= 1.3.6 is vulnerable to Sensitive Data Exposure

Software Backup Migration Type Plugin Vulnerable versions = 1.3.6 Fixed in 1.3.7 OWASP Top 10 A5: Security Misconfiguration Classification Sensitive Data Exposure CVE CVE-2023-6266 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 7df0ea44f3d7 Credits Rafshanzani Suhada...

WordPress CF7 Google Sheets Connector Plugin <= 5.0.5 is vulnerable to Sensitive Data Exposure

Software CF7 Google Sheets Connector Type Plugin Vulnerable versions = 5.0.5 Fixed in 5.0.6 OWASP Top 10 A9: Security Logging and Monitoring Failures Classification Sensitive Data Exposure CVE CVE-2023-44989 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID 42f969d97736...

Rapid7 Takes Next Step in AI Innovation with New AI-Powered Threat Detections

Digital transformation has created immense opportunity to generate new revenue streams, better engage with customers and drive operational efficiency. A decades-long transition to cloud as the de-facto delivery model of choice has delivered undeniable value to the business landscape. But any chan...

WordPress Adifier System Plugin < 3.1.4 is vulnerable to Cross Site Scripting (XSS)

Software Adifier System Type Plugin Vulnerable versions 3.1.4 Fixed in 3.1.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49187 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID a67ee23d6891 Credits RE-ALTER Required privilege...

WordPress Site Offline Plugin <= 1.5.6 is vulnerable to Cross Site Scripting (XSS)

Software Site Offline Type Plugin Vulnerable versions = 1.5.6 Fixed in 1.5.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49190 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 49fa69649ba8 Credits emad Required privilege Administrator...

WordPress List all posts by Authors, nested Categories and Title Plugin <= 2.8.2 is vulnerable to Cross Site Scripting (XSS)

Software List all posts by Authors, nested Categories and Title Type Plugin Vulnerable versions = 2.8.2 Fixed in 2.8.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-49182 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID...

WordPress Innovs HR Plugin <= 1.0.3.4 is vulnerable to Cross Site Scripting (XSS)

Software Innovs HR Type Plugin Vulnerable versions = 1.0.3.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49171 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e18ef701b7d2 Credits SeungYongLee Required privilege...

WordPress which template file Plugin <= 5.0.0 is vulnerable to Cross Site Scripting (XSS)

Software which template file Type Plugin Vulnerable versions = 5.0.0 Fixed in 5.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-49177 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 69cd93c404ef Credits LEE SE HYOUNG...

WordPress BP Better Messages Plugin <= 2.4.0 is vulnerable to Cross Site Scripting (XSS)

Software BP Better Messages Type Plugin Vulnerable versions = 2.4.0 Fixed in 2.4.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49168 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 979ad8298842 Credits Rafshanzani Suhada Required privile...

WordPress Email Address Encoder Plugin <= 1.0.22 is vulnerable to Cross Site Scripting (XSS)

Software Email Address Encoder Type Plugin Vulnerable versions = 1.0.22 Fixed in 1.0.23 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-48765 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4b554f8ca93c Credits LVT-tholv2k Required privilege...

WordPress teachPress Plugin <= 9.0.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software teachPress Type Plugin Vulnerable versions = 9.0.5 Fixed in 9.0.6 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-49163 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 932dc955a019 Credits LVT-tholv2k Required...

WordPress SchedulePress Plugin <= 5.0.4 is vulnerable to Broken Access Control

Software SchedulePress Type Plugin Vulnerable versions = 5.0.4 Fixed in 5.0.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID aa83517bf4e8 Credits Unknown Required privilege Contributor...

WordPress WP Pocket URLs Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)

Software WP Pocket URLs Type Plugin Vulnerable versions = 1.0.2 Fixed in 1.0.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49176 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 380f014ea38f Credits SeungYongLee Required privilege...

WordPress Ads by datafeedr.com Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS)

Software Ads by datafeedr.com Type Plugin Vulnerable versions = 1.2.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49169 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f1f49a74489f Credits Ngô Thiên An ancorn from VNPT-VCI...

WordPress LadiApp Plugin <= 4.4 is vulnerable to Broken Access Control

Software LadiApp Type Plugin Vulnerable versions = 4.4 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-49158 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID d4f5b16a2edf Credits Truoc Phan Required privilege Subscribe...

WordPress GoDaddy Email Marketing Plugin <= 1.4.3 is vulnerable to Broken Access Control

Software GoDaddy Email Marketing Type Plugin Vulnerable versions = 1.4.3 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-49156 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 68018a404ed8 Credits Abdi Pranata...

WordPress WP Catalogue Plugin <= 1.7.6 is vulnerable to Cross Site Scripting (XSS)

Software WP Catalogue Type Plugin Vulnerable versions = 1.7.6 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-48780 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 187ba06c2902 Credits Abdi Pranata Required...