WordPress User Feedback Plugin <= 1.0.7 is vulnerable to Cross Site Scripting (XSS)

Software User Feedback Type Plugin Vulnerable versions = 1.0.7 Fixed in 1.0.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-39308 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4cad82df326d Credits Revan Arifio Required privilege...

WordPress Live News Plugin <= 1.06 is vulnerable to Cross Site Request Forgery (CSRF)

Software Live News Type Plugin Vulnerable versions = 1.06 Fixed in 1.07 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-41669 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3d6a47f8ef2a Credits LEE SE HYOUNG...

WordPress WP Bannerize Pro Plugin <= 1.6.9 is vulnerable to Cross Site Scripting (XSS)

Software WP Bannerize Pro Type Plugin Vulnerable versions = 1.6.9 Fixed in 1.7.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-41663 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 77839e376c07 Credits thiennv Required...

WordPress Surfer Plugin <= 1.3.2.357 is vulnerable to Broken Access Control

Software Surfer Type Plugin Vulnerable versions = 1.3.2.357 Fixed in 1.3.3.379 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-35037 Patch priority High CVSS severity High 7.6 Developer Claim ownership PSID fee59b89530e Credits Jonas Höbenreich Required...

WordPress Prevent files / folders access Plugin < 2.5.2 is vulnerable to Arbitrary File Upload

Software Prevent files / folders access Type Plugin Vulnerable versions 2.5.2 Fixed in 2.5.2 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-4238 Patch priority Low CVSS severity Low 7.2 Developer Claim ownership PSID e9cca307cf55 Credits Dmitrii Required privilege...

WordPress RSVPMarker Plugin <= 10.6.6 is vulnerable to SQL Injection

Software RSVPMarker Type Plugin Vulnerable versions = 10.6.6 Fixed in 10.6.7 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-41652 Patch priority High CVSS severity High 8.2 Developer Claim ownership PSID 534a157bfa29 Credits Ravi Dharmawan Required privilege Unauthenticated...

WordPress authLdap Plugin <= 2.5.8 is vulnerable to Cross Site Request Forgery (CSRF)

Software authLdap Type Plugin Vulnerable versions = 2.5.8 Fixed in 2.5.9 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-41654 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID efe4321d7644 Credits Rio Darmawan Required...

WordPress Metform Elementor Contact Form Builder Plugin <= 3.3.1 is vulnerable to Sensitive Data Exposure

Software Metform Elementor Contact Form Builder Type Plugin Vulnerable versions = 3.3.1 Fixed in 3.3.2 OWASP Top 10 A5: Security Misconfiguration Classification Sensitive Data Exposure CVE CVE-2023-0689 Patch priority Low CVSS severity Low 4.3 Developer Wpmet PSID 4be7cb75c51f Credits Ramuel Gall...

WordPress All-in-One WP Migration Google Drive Extension Plugin <= 2.79 is vulnerable to Broken Access Control

Software All-in-One WP Migration Google Drive Extension Type Plugin Vulnerable versions = 2.79 Fixed in 2.80 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-40004 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID a77f536f8693 Credit...

WordPress All-in-One WP Migration Dropbox Extension Plugin <= 3.75 is vulnerable to Broken Access Control

Software All-in-One WP Migration Dropbox Extension Type Plugin Vulnerable versions = 3.75 Fixed in 3.76 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-40004 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID 517b1424056f Credits Raf...

WordPress All-in-One WP Migration Box Extension Plugin <= 1.53 is vulnerable to Broken Access Control

Software All-in-One WP Migration Box Extension Type Plugin Vulnerable versions = 1.53 Fixed in 1.54 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-40004 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID 2ca675b8186e Credits Rafie...

CVE-2023-4611

A use-after-free flaw was found in mm/mempolicy.c in the memory management subsystem in the Linux Kernel. This issue is caused by a race between mbind and VMA-locked page fault, and may allow a local attacker to crash the system or lead to a kernel information leak...

WordPress Forminator Plugin <= 1.24.6 is vulnerable to Arbitrary File Upload

Software Forminator Type Plugin Vulnerable versions = 1.24.6 Fixed in 1.25.0 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-4596 Patch priority High CVSS severity High 9.8 Developer WPMU DEV PSID c13bf0eea10b Credits mehmet Required privilege Unauthenticated Publishe...

WordPress SureCart Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS)

Software SureCart Type Plugin Vulnerable versions = 2.5.0 Fixed in 2.5.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-41241 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID c666aa75b4dc Credits emad Required privilege Administrator Publish...

WordPress Everest News Pro Theme <= 1.1.7 is vulnerable to Cross Site Scripting (XSS)

Software Everest News Pro Type Theme Vulnerable versions = 1.1.7 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-41235 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5fee490dcfb6 Credits László Radnai...

WordPress Email Encoder Bundle Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS)

Software Email Encoder Bundle Type Plugin Vulnerable versions = 2.1.7 Fixed in 2.1.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4599 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 48a0517c2804 Credits István Márton...

WordPress Arya Multipurpose Pro Theme <= 1.0.8 is vulnerable to Cross Site Scripting (XSS)

Software Arya Multipurpose Pro Type Theme Vulnerable versions = 1.0.8 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-41237 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 17b111a67e25 Credits László Radnai...

WordPress Slimstat Analytics Plugin <= 5.0.9 is vulnerable to Cross Site Scripting (XSS)

Software Slimstat Analytics Type Plugin Vulnerable versions = 5.0.9 Fixed in 5.0.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4597 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5f7946c39456 Credits István Márton Requir...

WordPress LuckyWP Scripts Control Plugin <= 1.2.1 is vulnerable to Broken Access Control

Software LuckyWP Scripts Control Type Plugin Vulnerable versions = 1.2.1 Fixed in 1.2.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-29239 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID e65baeeaa808 Credits Elliot Required...

WordPress MakeStories (for Google Web Stories) Plugin <= 3.0.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software MakeStories for Google Web Stories Type Plugin Vulnerable versions = 3.0.2 Fixed in 3.0.3 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-27448 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 422c8d1d0b2a Credits...