WordPress Redirection for Contact Form 7 Plugin <= 2.9.2 is vulnerable to Broken Access Control

Software Redirection for Contact Form 7 Type Plugin Vulnerable versions = 2.9.2 Fixed in 3.0.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-39920 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID ca4cdb116544 Credits Nguyen Anh...

WordPress Form Maker by 10Web Plugin <= 1.15.18 is vulnerable to Cross Site Scripting (XSS)

Software Form Maker by 10Web Type Plugin Vulnerable versions = 1.15.18 Fixed in 1.15.19 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-45071 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 40c5a2d21d33 Credits RE-ALTER Required...

WordPress Publish Confirm Message Plugin <= 1.3.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Publish Confirm Message Type Plugin Vulnerable versions = 1.3.1 Fixed in 2.0 OWASP Top 10 A2: Broken Authentication Classification Cross Site Request Forgery CSRF CVE CVE-2023-32124 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 8e7992d754f6 Credits Taihei...

WordPress canvasio3D Light Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS)

Software canvasio3D Light Type Plugin Vulnerable versions = 2.5.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-45062 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2a3783fd52d4 Credits thiennv Required...

WordPress WP Job Openings Plugin <= 3.4.1 is vulnerable to Broken Access Control

Software WP Job Openings Type Plugin Vulnerable versions = 3.4.1 Fixed in 3.4.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-45061 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 80557dfd2883 Credits Revan Arifio Required privile...

WordPress Comment Reply Email Plugin <= 1.0.3 is vulnerable to Cross Site Scripting (XSS)

Software Comment Reply Email Type Plugin Vulnerable versions = 1.0.3 Fixed in 1.0.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-45008 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID fa87fe52845c Credits Yebin Lee Required privilege...

WordPress WPGetAPI Plugin 2.1.0-2.2.1 is vulnerable to Broken Access Control

Software WPGetAPI Type Plugin Vulnerable versions 2.1.0-2.2.1 Fixed in 2.2.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID ca2d9e4727c6 Credits Unknown Required privilege Subscriber...

WordPress OPcache Dashboard Plugin <= 0.3.1 is vulnerable to Cross Site Scripting (XSS)

Software OPcache Dashboard Type Plugin Vulnerable versions = 0.3.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-45064 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 88a7f0a12d7e Credits LEE SE HYOUNG...

WordPress WP User Frontend Plugin <= 3.6.8 is vulnerable to Broken Access Control

Software WP User Frontend Type Plugin Vulnerable versions = 3.6.8 Fixed in 3.6.9 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-45002 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID bd6150300c70 Credits Abdi Pranata Required...

WordPress Dropshipping & Affiliation with Amazon Plugin <= 2.1.2 is vulnerable to Arbitrary File Upload

Software Dropshipping & Affiliation with Amazon Type Plugin Vulnerable versions = 2.1.2 Fixed in N/A OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-31215 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID fe2de1908435 Credits spacecroupier...

WordPress WP Custom Admin Interface Plugin <= 7.32 is vulnerable to Broken Access Control

Software WP Custom Admin Interface Type Plugin Vulnerable versions = 7.32 Fixed in 7.33 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-44988 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 74d65a8c422e Credits Abdi Pranata Required...

WordPress Video Gallery – YouTube Gallery Plugin <= 2.2.5 is vulnerable to SQL Injection

Software Video Gallery – YouTube Gallery Type Plugin Vulnerable versions = 2.2.5 Fixed in 2.2.6 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-45069 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 3d253c27c06d Credits Ravi Dharmawan Required privilege...

WordPress Copy Or Move Comments Plugin <= 5.0.4 is vulnerable to SQL Injection

Software Copy Or Move Comments Type Plugin Vulnerable versions = 5.0.4 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-28748 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID c441c723b0a4 Credits minhtuanact Required privilege Subscriber...

WordPress ProfilePress Plugin <= 4.13.2 is vulnerable to Sensitive Data Exposure

Software ProfilePress Type Plugin Vulnerable versions = 4.13.2 Fixed in 4.13.3 OWASP Top 10 A8: Software and Data Integrity Failures Classification Sensitive Data Exposure CVE CVE-2023-44150 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 15bdf51e3c48 Credits Joshua Chan...

WordPress Media Library Assistant Plugin <= 3.11 is vulnerable to Cross Site Scripting (XSS)

Software Media Library Assistant Type Plugin Vulnerable versions = 3.11 Fixed in 3.12 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-24385 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 5e6c468b6a3a Credits n0paew Required...

WordPress Cooked Plugin <= 1.7.14 is vulnerable to Cross Site Scripting (XSS)

Software Cooked Type Plugin Vulnerable versions = 1.7.14 Fixed in 1.7.15.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-44477 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ff0ba7b02ac2 Credits thiennv Required privilege Contributor...

WordPress Kv TinyMCE Editor Add Fonts Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Kv TinyMCE Editor Add Fonts Type Plugin Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-44470 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 229f3e0b60ce Credits Skalucy...

WordPress OpenHook Plugin <= 4.3.0 is vulnerable to Remote Code Execution (RCE)

Software OpenHook Type Plugin Vulnerable versions = 4.3.0 Fixed in 4.3.1 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-5201 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 278dfa1831ef Credits István Márton Required privilege Subscriber...

WordPress Table of Contents Plus Plugin <= 2302 is vulnerable to Cross Site Request Forgery (CSRF)

Software Table of Contents Plus Type Plugin Vulnerable versions = 2302 Fixed in 2309 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-44473 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 9767a2935241 Credits Muhammad Daffa...

WordPress Contractor Contact Form Website to Workflow Tool Plugin <= 4.0.0 is vulnerable to Cross Site Scripting (XSS)

Software Contractor Contact Form Website to Workflow Tool Type Plugin Vulnerable versions = 4.0.0 Fixed in 4.1.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-44245 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b979fca96216 Credits...