WordPress Awesome Support Plugin < 6.1.5 is vulnerable to Broken Access Control

Software Awesome Support Type Plugin Vulnerable versions 6.1.5 Fixed in 6.1.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-5352 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 07a73880431c Credits Krzysztof Zając CERT PL Required...

PT-2024-14720 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A bounds checking issue in the Linux kernel's scheduling subsystem has been identified, where the priority index used to access clpriop was not explicitly bounds checked...

WordPress iPages Flipbook Plugin <= 1.4.8 is vulnerable to SQL Injection

Software iPages Flipbook Type Plugin Vulnerable versions = 1.4.8 Fixed in 1.5.0 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-47236 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID ca6f53544a70 Credits Muhammad Daffa Required privilege Administrator...

WordPress MStore API Plugin <= 4.10.7 is vulnerable to Privilege Escalation

Software MStore API Type Plugin Vulnerable versions = 4.10.7 Fixed in 4.10.8 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-3277 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 30d740e716a7 Credits Truoc Phan ...

WordPress Short URL Plugin <= 1.6.8 is vulnerable to Broken Access Control

Software Short URL Type Plugin Vulnerable versions = 1.6.8 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-47225 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 80acb0670d7b Credits Abdi Pranata Required privilege...

WordPress Animated Rotating Words Plugin <= 5.4 is vulnerable to Broken Access Control

Software Animated Rotating Words Type Plugin Vulnerable versions = 5.4 Fixed in 5.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-47187 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID ba5fbcda489d Credits Abdi Pranata Requir...

WordPress SEO Slider Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)

Software SEO Slider Type Plugin Vulnerable versions = 1.1.0 Fixed in 1.1.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5707 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 17821e38b317 Credits Lana Codes Required privilege...

WordPress Defender Security Plugin <= 4.2.0 is vulnerable to Bypass Vulnerability

Software Defender Security Type Plugin Vulnerable versions = 4.2.0 Fixed in 4.2.1 OWASP Top 10 A5: Security Misconfiguration Classification Bypass Vulnerability CVE CVE-2023-47189 Patch priority Low CVSS severity Low 5.3 Developer WPMU DEV PSID 9d721f7eb609 Credits Naveen Muthusamy Required...

WordPress Contact Forms by Cimatti Plugin <= 1.6.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Contact Forms by Cimatti Type Plugin Vulnerable versions = 1.6.0 Fixed in 1.6.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-47230 Patch priority Low CVSS severity Low 5.4 Developer Cimatti Consulting PSID 415f09b860a2 Credits thiennv...

WordPress Advance Menu Manager Plugin <= 3.0.6 is vulnerable to Broken Access Control

Software Advance Menu Manager Type Plugin Vulnerable versions = 3.0.6 Fixed in 3.0.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4919cd67715f Credits WordFence Required privilege...

WordPress WP Travel Plugin <= 7.8.0 is vulnerable to Broken Access Control

Software WP Travel Type Plugin Vulnerable versions = 7.8.0 Fixed in 7.8.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-47224 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID bf6c5eaeacad Credits Mika Required privilege...

WordPress ChatBot Plugin 4.8.6-4.9.6 is vulnerable to Cross Site Scripting (XSS)

Software ChatBot Type Plugin Vulnerable versions 4.8.6-4.9.6 Fixed in 4.9.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5606 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 5c671cd5cf6e Credits Huynh Tien Si Required...

WordPress Solid Security Plugin <= 9.0.0 is vulnerable to Sensitive Data Exposure

Software Solid Security Type Plugin Vulnerable versions = 9.0.0 Fixed in 9.0.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 8abe71fcfaf7 Credits Naveen Muthusamy Required privilege...

WordPress Admin Bar & Dashboard Access Control Plugin <= 1.2.8 is vulnerable to Cross Site Scripting (XSS)

Software Admin Bar & Dashboard Access Control Type Plugin Vulnerable versions = 1.2.8 Fixed in 1.2.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-47184 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 7931d5b9940f Credits Rachit Arora...

WordPress EventPrime Plugin < 3.2.0 is vulnerable to Cross Site Scripting (XSS)

Software EventPrime Type Plugin Vulnerable versions 3.2.0 Fixed in 3.2.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4250 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ec5f591b9a22 Credits Miguel Santareno Required...

WordPress Login Screen Manager Plugin <= 3.5.2 is vulnerable to Cross Site Scripting (XSS)

Software Login Screen Manager Type Plugin Vulnerable versions = 3.5.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-47182 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 33ab93e220c0 Credits Nano Required privilege...

WordPress WP Customer Reviews Plugin <= 3.6.6 is vulnerable to Sensitive Data Exposure

Software WP Customer Reviews Type Plugin Vulnerable versions = 3.6.6 Fixed in 3.6.7 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2023-4686 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 07af2f4a4fb5 Credits Marco Wotschka Required...

WordPress EventPrime Plugin < 3.2.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software EventPrime Type Plugin Vulnerable versions 3.2.0 Fixed in 3.2.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-4251 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3fee28172b5f Credits Alex Sanford Required...

WordPress Finale Lite Plugin <= 2.16.0 is vulnerable to Arbitrary Content Deletion

Software Finale Lite Type Plugin Vulnerable versions = 2.16.0 Fixed in 2.17.0 OWASP Top 10 A5: Broken Access Control Classification Arbitrary Content Deletion CVE CVE-2023-47180 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID a89d6e226519 Credits Mika Required...

WordPress Login Screen Manager Plugin <= 3.5.2 is vulnerable to Cross Site Scripting (XSS)

Software Login Screen Manager Type Plugin Vulnerable versions = 3.5.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5243 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 7d813a002456 Credits Nano Required privile...