WordPress Custom post types Plugin <= 5.0.2 is vulnerable to Cross Site Scripting (XSS)
Software: Custom post types | Type: Plugin | Vulnerable versions: <= 5.0.2 | Fixed in: 5.0.3 | OWASP Top 10: A7: Cross-Site Scripting XSS | Classification: Cross Site Scripting XSS | CVE: CVE-2023-32116 | Patch priority: Low | CVSS severity: Low 5.9 | Developer: Claim ownership | PSID: de51dde21ff9 | Credits: Taihei Shimamine...
WordPress DX Delete Attached Media Plugin <= 2.0.5.1 is vulnerable to Broken Access Control
Software: DX Delete Attached Media | Type: Plugin | Vulnerable versions: <= 2.0.5.1 | Fixed in: 2.0.6 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2023-46073 | Patch priority: Medium | CVSS severity: Medium 5.3 | Developer: Claim ownership | PSID: 86e92ca0a83a | Credits: Abdi Pranata...
WordPress WooCommerce Ninja Forms Product Add-ons Plugin <= 1.7.0 is vulnerable to Arbitrary File Upload
Software: WooCommerce Ninja Forms Product Add-ons | Type: Plugin | Vulnerable versions: <= 1.7.0 | Fixed in: 1.7.1 | OWASP Top 10: A1: Injection | Classification: Arbitrary File Upload | CVE: CVE-2023-5601 | Patch priority: High | CVSS severity: High 10 | Developer: Claim ownership | PSID: 2bbb91735283 | Credits: Alexander Concha...
WordPress ApplyOnline – Application Form Builder and Manager Plugin <= 2.5.3 is vulnerable to Broken Access Control
Software: ApplyOnline – Application Form Builder and Manager | Type: Plugin | Vulnerable versions: <= 2.5.3 | Fixed in: 2.5.4 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2023-46080 | Patch priority: Low | CVSS severity: Low 4.3 | Developer: Claim ownership | PSID: baadd6626a79...
WordPress Ashe Extra Plugin <= 1.2.9 is vulnerable to Broken Access Control
Software: Ashe Extra | Type: Plugin | Vulnerable versions: <= 1.2.9 | Fixed in: 1.2.92 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2023-46079 | Patch priority: Low | CVSS severity: Low 5.4 | Developer: WProyal | PSID: 9a7abfde0bc8 | Credits: Jonas Höbenreich | Required privilege...
WordPress EG-Attachments Plugin <= 2.1.3 is vulnerable to Cross Site Scripting (XSS)
Software: EG-Attachments | Type: Plugin | Vulnerable versions: <= 2.1.3 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting XSS | Classification: Cross Site Scripting XSS | CVE: CVE-2023-46070 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: Claim ownership | PSID: 04006798b0e0 | Credits: Le Ngoc Anh | Required...
WordPress Accessibility Suite by Online ADA Plugin <= 4.12 is vulnerable to SQL Injection
Software: Accessibility Suite by Online ADA | Type: Plugin | Vulnerable versions: <= 4.12 | Fixed in: 4.13 | OWASP Top 10: A1: Injection | Classification: SQL Injection | CVE: CVE-2023-45830 | Patch priority: High | CVSS severity: High 8.5 | Developer: Claim ownership | PSID: f21f42859c29 | Credits: minhtuanact | Required privilege...
WordPress RumbleTalk Live Group Chat Plugin <= 6.2.5 is vulnerable to Broken Access Control
Software: RumbleTalk Live Group Chat | Type: Plugin | Vulnerable versions: <= 6.2.5 | Fixed in: 6.2.6 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2023-45828 | Patch priority: Medium | CVSS severity: Medium 5.4 | Developer: Claim ownership | PSID: 142311804af3 | Credits: Mika | Require...
WordPress is vulnerable to Broken Access Control
Software: WordPress | Type: WordPress Core | Vulnerable versions: 6.3.2 | Fixed in: 6.3.2 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2023-39999 | Patch priority: Low | CVSS severity: Low 4.3 | Developer: Claim ownership | PSID: 145475520c6c | Credits: Rafie Muhammad Patchstack...
WordPress WP Report Post Plugin <= 2.1.2 is vulnerable to Cross Site Scripting (XSS)
Software: WP Report Post | Type: Plugin | Vulnerable versions: <= 2.1.2 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting XSS | Classification: Cross Site Scripting XSS | CVE: CVE-2023-45769 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: Claim ownership | PSID: d5598e546cea | Credits: Ivy TOOR, LISA...
WordPress wpDiscuz Plugin <= 7.6.3 is vulnerable to Broken Access Control
Software: wpDiscuz | Type: Plugin | Vulnerable versions: <= 7.6.3 | Fixed in: 7.6.4 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2023-45760 | Patch priority: Medium | CVSS severity: Medium 4.3 | Developer: Claim ownership | PSID: b4dc1c4ebd9c | Credits: RE-ALTER | Required privilege...
WordPress Peter’s Custom Anti-Spam Plugin <= 3.2.2 is vulnerable to Cross Site Scripting (XSS)
Software: Peter’s Custom Anti-Spam | Type: Plugin | Vulnerable versions: <= 3.2.2 | Fixed in: 3.2.3 | OWASP Top 10: A5: Security Misconfiguration | Classification: Cross Site Scripting XSS | CVE: CVE-2023-45759 | Patch priority: High | CVSS severity: High 7.1 | Developer: Claim ownership | PSID: b962af4e74c9 | Credits: SeungYongLe...
WordPress Poll Maker Plugin <= 4.7.1 is vulnerable to Broken Access Control
Software: Poll Maker | Type: Plugin | Vulnerable versions: <= 4.7.1 | Fixed in: 4.7.2 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2023-45766 | Patch priority: Low | CVSS severity: Low 5.3 | Developer: Claim ownership | PSID: 63dcd5a4b5a6 | Credits: Revan Arifio | Required privilege...
WordPress Nexter Extension Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS)
Software: Nexter Extension | Type: Plugin | Vulnerable versions: <= 2.0.3 | Fixed in: 2.0.4 | OWASP Top 10: A7: Cross-Site Scripting XSS | Classification: Cross Site Scripting XSS | CVE: CVE-2023-45750 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: POSIMYTH Innovations | PSID: ad2209719d8d | Credits: Rafie...
WordPress Nexter Theme <= 2.0.3 is vulnerable to Broken Access Control
Software: Nexter | Type: Theme | Vulnerable versions: <= 2.0.3 | Fixed in: 2.0.4 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2023-45658 | Patch priority: High | CVSS severity: High 7.6 | Developer: Claim ownership | PSID: 6bbe3c1cdbc1 | Credits: Rafie Muhammad Patchstack | Required...
WordPress HTML5 Maps Plugin <= 1.7.1.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: HTML5 Maps | Type: Plugin | Vulnerable versions: <= 1.7.1.4 | Fixed in: 1.7.1.5 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery CSRF | CVE: CVE-2023-45650 | Patch priority: Low | CVSS severity: Low 4.3 | Developer: Claim ownership | PSID: 414faf6d1725 | Credits: Mika | Required...
WordPress CPT Shortcode Generator Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software: CPT Shortcode Generator | Type: Plugin | Vulnerable versions: <= 1.0 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting XSS | Classification: Cross Site Scripting XSS | CVE: CVE-2023-45644 | Patch priority: Low | CVSS severity: Low 5.9 | Developer: Claim ownership | PSID: 8bfa1d036efa | Credits: Lokesh Dachepalli...
WordPress Amministrazione Trasparente Plugin <= 8.0.2 is vulnerable to Cross Site Scripting (XSS)
Software: Amministrazione Trasparente | Type: Plugin | Vulnerable versions: <= 8.0.2 | Fixed in: 8.0.5 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting XSS | CVE: CVE-2023-45758 | Patch priority: Low | CVSS severity: Low 5.9 | Developer: Claim ownership | PSID: 868b9cab4b55 | Credits: DoYeon Park p6rkdoye0n...
WordPress Email Subscribers & Newsletters Plugin <= 5.6.23 is vulnerable to Path Traversal
Software: Email Subscribers & Newsletters | Type: Plugin | Vulnerable versions: <= 5.6.23 | Fixed in: 5.6.24 | OWASP Top 10: A3: Injection | Classification: Path Traversal | CVE: CVE-2023-5414 | Patch priority: Low | CVSS severity: Low 7.2 | Developer: Claim ownership | PSID: a55da7ad2e82 | Credits: Marco Wotschka | Required privile...
WordPress ApplyOnline – Application Form Builder and Manager Plugin <= 2.5.5 is vulnerable to Cross Site Scripting (XSS)
Software: ApplyOnline – Application Form Builder and Manager | Type: Plugin | Vulnerable versions: <= 2.5.5 | Fixed in: 2.5.6 | OWASP Top 10: A7: Cross-Site Scripting XSS | Classification: Cross Site Scripting XSS | CVE: CVE-2023-45756 | Patch priority: High | CVSS severity: High 7.1 | Developer: Claim ownership | PSID...