WordPress ChatBot Plugin <= 4.7.8 is vulnerable to SQL Injection

Software ChatBot Type Plugin Vulnerable versions = 4.7.8 Fixed in 4.7.9 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-48741 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 1bfb272c13b3 Credits Mika Required privilege Administrator Published 23...

WordPress Widgets for Google Reviews Plugin <= 11.0.2 is vulnerable to Arbitrary File Upload

Software Widgets for Google Reviews Type Plugin Vulnerable versions = 11.0.2 Fixed in 11.1 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2023-48275 Patch priority Medium CVSS severity Medium 8 Developer Claim ownership PSID 5e436d044590 Credits Rafie Muhammad Patchstack...

WordPress WCMultiShipping Plugin <= 2.3.5 is vulnerable to Broken Access Control

Software WCMultiShipping Type Plugin Vulnerable versions = 2.3.5 Fixed in 2.3.6 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-48274 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID ae6198f38515 Credits Abdi Pranata Required...

WordPress Autocomplete Location field Contact Form 7 Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)

Software Autocomplete Location field Contact Form 7 Type Plugin Vulnerable versions = 2.0 Fixed in 3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5005 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 4890d8d7c0c3 Credits B...

WordPress Userpro Plugin <= 5.1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Userpro Type Plugin Vulnerable versions = 5.1.1 Fixed in 5.1.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-2447 Patch priority Low CVSS severity Low 6.1 Developer Claim ownership PSID f82d076bd579 Credits István Márton Required...

WordPress Userpro Plugin <= 5.1.4 is vulnerable to Privilege Escalation

Software Userpro Type Plugin Vulnerable versions = 5.1.4 Fixed in 5.1.5 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2023-6009 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 7046ef9feaa8 Credits István Márton Required privilege...

WordPress Userpro Plugin <= 5.1.1 is vulnerable to Sensitive Data Exposure

Software Userpro Type Plugin Vulnerable versions = 5.1.1 Fixed in 5.1.2 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-2446 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 60ff01fd740b Credits István Márton Required...

WordPress Userpro Plugin <= 5.1.1 is vulnerable to Broken Authentication

Software Userpro Type Plugin Vulnerable versions = 5.1.1 Fixed in 5.1.2 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2023-2437 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 9aac076e3030 Credits István Márton...

WordPress Preloader for Website Plugin <= 1.2.2 is vulnerable to Broken Access Control

Software Preloader for Website Type Plugin Vulnerable versions = 1.2.2 Fixed in 1.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-48273 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID d41468183f67 Credits Nguyen Xuan Chien...

WordPress Post Meta Data Manager Plugin <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Post Meta Data Manager Type Plugin Vulnerable versions = 1.2.1 Fixed in 1.2.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-5776 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID be22b4c7158e Credits Francesco...

WordPress WP Child Theme Generator Plugin <= 1.1.2 is vulnerable to Arbitrary File Upload

Software WP Child Theme Generator Type Plugin Vulnerable versions = 1.1.2 Fixed in 1.1.3 OWASP Top 10 A4: Insecure Design Classification Arbitrary File Upload CVE CVE-2023-47873 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID e915ca3d162f Credits Dateoljo of BoB 12th...

WordPress Contact Form to Any API Plugin <= 1.1.6 is vulnerable to Broken Access Control

Software Contact Form to Any API Type Plugin Vulnerable versions = 1.1.6 Fixed in 1.1.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-47871 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 81c0f0123458 Credits Arvandy Require...

WordPress Grab & Save Plugin <= 1.0.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Grab & Save Type Plugin Vulnerable versions = 1.0.4 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-47845 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 10b2ddc4a429 Credits Dimas Maulana Required...

WordPress CataBlog Plugin <= 1.7.0 is vulnerable to Arbitrary File Upload

Software CataBlog Type Plugin Vulnerable versions = 1.7.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2023-47842 Patch priority Medium CVSS severity Medium 9.1 Developer Claim ownership PSID ca3ef4e541ae Credits Rafie Muhammad Patchstack Required privilege...

WordPress BlossomThemes Email Newsletter Plugin <= 2.2.4 is vulnerable to Broken Access Control

Software BlossomThemes Email Newsletter Type Plugin Vulnerable versions = 2.2.4 Fixed in 2.2.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-47849 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 051053384c38 Credits Abdi...

WordPress PayTR Taksit Tablosu Plugin <= 1.3.1 is vulnerable to Broken Access Control

Software PayTR Taksit Tablosu Type Plugin Vulnerable versions = 1.3.1 Fixed in 1.3.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-47847 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 9835cf00a16a Credits Abdi Pranata Required...

WordPress Audio Merchant Plugin <= 5.0.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Audio Merchant Type Plugin Vulnerable versions = 5.0.4 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-6197 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID b9deef5e9191 Credits Ala Arfaoui Required...

WordPress wpForo Forum Plugin <= 2.2.5 is vulnerable to Content Injection

Software wpForo Forum Type Plugin Vulnerable versions = 2.2.5 Fixed in 2.2.6 OWASP Top 10 A1: Broken Access Control Classification Content Injection CVE CVE-2023-47869 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e9607ec97842 Credits Jesse McNeil Required privilege...

WordPress wpForo Forum Plugin <= 2.2.3 is vulnerable to Privilege Escalation

Software wpForo Forum Type Plugin Vulnerable versions = 2.2.3 Fixed in 2.2.4 OWASP Top 10 A4: Insecure Design Classification Privilege Escalation CVE CVE-2023-47868 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID 18839e0584f6 Credits Jesse McNeil Required privilege...

WordPress wpForo Forum Plugin <= 2.2.3 is vulnerable to Cross Site Scripting (XSS)

Software wpForo Forum Type Plugin Vulnerable versions = 2.2.3 Fixed in 2.2.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-47872 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID da62b115c79c Credits Jesse McNeil Required privilege...