WordPress WP EXtra Plugin <= 6.2 is vulnerable to Remote Code Execution (RCE)
Software: WP EXtra; Type: Plugin; Vulnerable versions: <= 6.2; Fixed in: 6.3; OWASP Top 10: A3: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2023-46623; Patch priority: High; CVSS severity: High (9.9); PSID: 4dd4ccde8243; Credits: TP Cyber Security; Required privilege: Subscribe...
WordPress Admin and Site Enhancements (ASE) Plugin <= 5.7.1 is vulnerable to Bypass Vulnerability
Software: Admin and Site Enhancements (ASE); Type: Plugin; Vulnerable versions: <= 5.7.1; Fixed in: 5.8.0; OWASP Top 10: A1: Broken Access Control; Classification: Bypass Vulnerability; CVE: CVE-2023-46630; Patch priority: Low; CVSS severity: Low (7.5); PSID: 924c1b7a64df; Credits: Khalid Yusuf...
WordPress Medialist Plugin <= 1.3.9 is vulnerable to Cross Site Scripting (XSS)
Software: Medialist; Type: Plugin; Vulnerable versions: <= 1.3.9; Fixed in: 1.4.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-46640; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: 22ee4e11fa05; Credits: Tien from VNPT-VCI; Required privilege...
WordPress Add to Calendar Button Plugin < 1.5.1 is vulnerable to Cross Site Scripting (XSS)
Software: Add to Calendar Button; Type: Plugin; Vulnerable versions: < 1.5.1; Fixed in: 1.5.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-46613; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: d1a3af767789; Credits: Ngô Thiên An ancorn from...
WordPress FeedFocal Plugin <= 1.2.2 is vulnerable to Broken Access Control
Software: FeedFocal; Type: Plugin; Vulnerable versions: <= 1.2.2; Fixed in: 1.3.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-46609; Patch priority: High; CVSS severity: High (6.5); PSID: 596cdbd4c469; Credits: Mika; Required privilege...
WordPress Zotpress Plugin <= 7.3.4 is vulnerable to Cross Site Scripting (XSS)
Software: Zotpress; Type: Plugin; Vulnerable versions: <= 7.3.4; Fixed in: 7.3.5; OWASP Top 10: A5: Security Misconfiguration; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-46313; Patch priority: High; CVSS severity: High (7.1); Developer: Katie Seaborn; PSID: 59509807c75c; Credits: SeungYongLee; Required privile...
WordPress DoLogin Security Plugin <= 3.7.1 is vulnerable to Broken Access Control
Software: DoLogin Security; Type: Plugin; Vulnerable versions: <= 3.7.1; Fixed in: 3.8; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-46608; Patch priority: Medium; CVSS severity: Medium (5.3); PSID: 5adc7395b967; Credits: Mika; Required privilege...
WordPress YOP Poll Plugin <= 6.5.28 is vulnerable to Broken Authentication
Software: YOP Poll; Type: Plugin; Vulnerable versions: <= 6.5.28; Fixed in: 6.5.29; OWASP Top 10: A5: Security Misconfiguration; Classification: Broken Authentication; CVE: CVE-2023-46611; Patch priority: Low; CVSS severity: Low (5.3); PSID: f8c5b7c225ab; Credits: qilin99; Required privilege...
WordPress Convertful – Your Ultimate On-Site Conversion Tool Plugin <= 2.5 is vulnerable to Broken Access Control
Software: Convertful – Your Ultimate On-Site Conversion Tool; Type: Plugin; Vulnerable versions: <= 2.5; Fixed in: 2.6; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-46605; Patch priority: Low; CVSS severity: Low (5.3); PSID: 9a3a7f4759bc; Credit...
WordPress Draw Attention Plugin <= 2.0.15 is vulnerable to Broken Access Control
Software: Draw Attention; Type: Plugin; Vulnerable versions: <= 2.0.15; Fixed in: 2.0.16; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-46616; Patch priority: Low; CVSS severity: Low (5.4); PSID: 13d4f142d807; Credits: thiennv; Required privilege...
WordPress Mediabay Plugin <= 1.6 is vulnerable to Broken Access Control
Software: Mediabay; Type: Plugin; Vulnerable versions: <= 1.6; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-46612; Patch priority: Medium; CVSS severity: Medium (4.3); PSID: 01f288807115; Credits: emad; Required privilege: Subscriber...
WordPress Quill Forms Plugin <= 3.3.0 is vulnerable to Broken Access Control
Software: Quill Forms; Type: Plugin; Vulnerable versions: <= 3.3.0; Fixed in: 3.4.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-46610; Patch priority: High; CVSS severity: High (6.5); PSID: f234d1eb3578; Credits: Abdi Pranata; Required privilege...
WordPress Security & Malware scan by CleanTalk Plugin <= 2.50 is vulnerable to Broken Access Control
Software: Security & Malware scan by CleanTalk; Type: Plugin; Vulnerable versions: <= 2.50; Fixed in: 2.51; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2020-36698; Patch priority: High; CVSS severity: High (8.8); PSID: b7a98366ebf3; Credits: Jerome...
WordPress Tab Ultimate Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)
Software: Tab Ultimate; Type: Plugin; Vulnerable versions: <= 1.3; Fixed in: 1.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-5667; Patch priority: Low; CVSS severity: Low (6.4); PSID: 6b4d31988178; Credits: István Márton; Required privileg...
WordPress wpDiscuz Plugin <= 7.6.3 is vulnerable to Insecure Direct Object References (IDOR)
Software: wpDiscuz; Type: Plugin; Vulnerable versions: <= 7.6.3; Fixed in: 7.6.4; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2023-46311; Patch priority: Low; CVSS severity: Low (2.7); PSID: 05932cb617e2; Credits: Revan Arifio; Requir...
WordPress Soisy Pagamento Rateale Plugin <= 6.0.1 is vulnerable to Broken Access Control
Software: Soisy Pagamento Rateale; Type: Plugin; Vulnerable versions: <= 6.0.1; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-5132; Patch priority: Low; CVSS severity: Low (7.5); PSID: ea685dad7b8e; Credits: Francesco Carlucci...
WordPress Ultimate Addons for WPBakery Page Builder Plugin <= 3.19.14 is vulnerable to Local File Inclusion
Software: Ultimate Addons for WPBakery Page Builder; Type: Plugin; Vulnerable versions: <= 3.19.14; Fixed in: 3.19.15; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2023-46205; Patch priority: High; CVSS severity: High (7.6); PSID: 1ed82bf57553; Credits: Rafie...
WordPress Motors – Car Dealer & Classified Ads Plugin <= 1.4.6 is vulnerable to Cross Site Scripting (XSS)
Software: Motors – Car Dealer & Classified Ads; Type: Plugin; Vulnerable versions: <= 1.4.6; Fixed in: 1.4.7; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-46208; Patch priority: High; CVSS severity: High (7.1); PSID: dac70b12e2be; Credits...
WordPress iPanorama 360 WordPress Virtual Tour Builder Plugin <= 1.8.0 is vulnerable to SQL Injection
Software: iPanorama 360 WordPress Virtual Tour Builder; Type: Plugin; Vulnerable versions: <= 1.8.0; Fixed in: 1.8.1; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-5336; Patch priority: Low; CVSS severity: Low (8.8); PSID: 25ea3eb9ee79; Credits: István Márton; Require...
WordPress Delete Usermetas Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Delete Usermetas; Type: Plugin; Vulnerable versions: <= 1.1.2; Fixed in: 1.2.0; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-5537; Patch priority: Low; CVSS severity: Low (4.3); PSID: 87478bd3e45b; Credits: Francesco Carlucci...