WordPress EventPrime Plugin < 3.2.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software EventPrime Type Plugin Vulnerable versions 3.2.0 Fixed in 3.2.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-4251 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3fee28172b5f Credits Alex Sanford Required...

WordPress Login Screen Manager Plugin <= 3.5.2 is vulnerable to Cross Site Scripting (XSS)

Software Login Screen Manager Type Plugin Vulnerable versions = 3.5.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-47182 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 33ab93e220c0 Credits Nano Required privilege...

WordPress WP Customer Reviews Plugin <= 3.6.6 is vulnerable to Sensitive Data Exposure

Software WP Customer Reviews Type Plugin Vulnerable versions = 3.6.6 Fixed in 3.6.7 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2023-4686 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 07af2f4a4fb5 Credits Marco Wotschka Required...

WordPress Login Screen Manager Plugin <= 3.5.2 is vulnerable to Cross Site Scripting (XSS)

Software Login Screen Manager Type Plugin Vulnerable versions = 3.5.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5243 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 7d813a002456 Credits Nano Required privile...

WordPress The Plus Addons for Elementor Pro Plugin <= 5.2.8 is vulnerable to Local File Inclusion

Software The Plus Addons for Elementor Pro Type Plugin Vulnerable versions = 5.2.8 Fixed in 5.2.9 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2023-47178 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID 0501be93705b Credits Rafie Muhammad...

WordPress Finale Lite Plugin <= 2.16.0 is vulnerable to Arbitrary Content Deletion

Software Finale Lite Type Plugin Vulnerable versions = 2.16.0 Fixed in 2.17.0 OWASP Top 10 A5: Broken Access Control Classification Arbitrary Content Deletion CVE CVE-2023-47180 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID a89d6e226519 Credits Mika Required...

WordPress Grid Plus Plugin <= 1.3.2 is vulnerable to Broken Access Control

Software Grid Plus Type Plugin Vulnerable versions = 1.3.2 Fixed in 1.3.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-34014 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID dd240d0353de Credits Abdi Pranata Required privilege...

WordPress Jquery accordion slideshow Plugin <= 8.1 is vulnerable to SQL Injection

Software Jquery accordion slideshow Type Plugin Vulnerable versions = 8.1 Fixed in 8.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5464 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 6c3c2c2de4b5 Credits István Márton Required privilege Contributo...

WordPress Jquery news ticker Plugin <= 3.0 is vulnerable to SQL Injection

Software Jquery news ticker Type Plugin Vulnerable versions = 3.0 Fixed in 3.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5430 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID f8ae8a455966 Credits István Márton Required privilege Contributor...

Minter can censor GATEKEEPER and mint uncollateralized for a prolonged period of time

Lines of code Vulnerability details Impact Ethena explicitly mentions their protection against a compromised minter, the mentioned maximum loss is $100.000. The protection against a compromised minter rests on the GATEKEEPER role which is a system running on AWS set to remove the minter if mints...

WordPress Information Reel Plugin <= 10.0 is vulnerable to SQL Injection

Software Information Reel Type Plugin Vulnerable versions = 10.0 Fixed in 10.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5429 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID c905ec2711b0 Credits István Márton Required privilege Contributor...

WordPress Vertical Marquee Plugin Plugin <= 7.1 is vulnerable to SQL Injection

Software Vertical Marquee Plugin Type Plugin Vulnerable versions = 7.1 Fixed in 7.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5436 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 0d3867ba4432 Credits István Márton Required privilege Contributor...

WordPress Advanced Booking Calendar Plugin <= 3.2.11 is vulnerable to SQL Injection

Software Advanced Booking Calendar Type Plugin Vulnerable versions = 3.2.11 Fixed in 3.2.12 OWASP Top 10 A1: Injection Classification SQL Injection CVE N/A Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID cef456031167 Credits N/A Required privilege Administrator Published 3...

WordPress wp image slideshow Plugin <= 12.0 is vulnerable to SQL Injection

Software wp image slideshow Type Plugin Vulnerable versions = 12.0 Fixed in 12.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5438 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 51685deaca4b Credits István Márton Required privilege Contributor...

WordPress HTML filter and csv-file search Plugin <= 2.7 is vulnerable to Local File Inclusion

Software HTML filter and csv-file search Type Plugin Vulnerable versions = 2.7 Fixed in 2.8 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2023-5099 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 9f90341966c7 Credits Alex Thomas Required privilege...

WordPress Google Maps made Simple Plugin <= 0.6 is vulnerable to SQL Injection

Software Google Maps made Simple Type Plugin Vulnerable versions = 0.6 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5315 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 9139046f56f6 Credits István Márton Required privilege Subscriber...

WordPress Bellows Accordion Menu Plugin <= 1.4.2 is vulnerable to Cross Site Scripting (XSS)

Software Bellows Accordion Menu Type Plugin Vulnerable versions = 1.4.2 Fixed in 1.4.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5164 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 390a77233aee Credits István Márton...

WordPress Weather Atlas Widget Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS)

Software Weather Atlas Widget Type Plugin Vulnerable versions = 1.2.1 Fixed in 2.0.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5163 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 53d44a1617c5 Credits István Márton...

WordPress Bonus for Woo Plugin <= 5.8.2 is vulnerable to Cross Site Scripting (XSS)

Software Bonus for Woo Type Plugin Vulnerable versions = 5.8.2 Fixed in 5.8.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5140 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID bebc071bb4a6 Credits Enrico Marcolini...

WordPress Post Meta Data Manager Plugin <= 1.2.0 is vulnerable to Broken Access Control

Software Post Meta Data Manager Type Plugin Vulnerable versions = 1.2.0 Fixed in 1.2.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-5426 Patch priority Medium CVSS severity Medium 7.5 Developer Claim ownership PSID a003d34ca1b2 Credits Francesco Carlucc...