WordPress WPEForm Lite – Drag and Drop Live Form Builder for Contact, Payment & Quiz Forms Plugin <= 1.6.4 is vulnerable to Cross Site Scripting (XSS)

Software WPEForm Lite – Drag and Drop Live Form Builder for Contact, Payment & Quiz Forms Type Plugin Vulnerable versions = 1.6.4 Fixed in 1.6.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownersh...

WordPress DeMomentSomTres Gravity Forms Improvements Plugin <= 20170425 is vulnerable to Cross Site Scripting (XSS)

Software DeMomentSomTres Gravity Forms Improvements Type Plugin Vulnerable versions = 20170425 Fixed in 201805021810 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 477dcd7d6435 Credits...

WordPress Contact Form By Mega Forms – Drag and Drop Form Builder Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS)

Software Contact Form By Mega Forms – Drag and Drop Form Builder Type Plugin Vulnerable versions = 1.1.2 Fixed in 1.1.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 5d66bb9d8b9f...

WordPress Go Fetch Jobs (for WP Job Manager) Plugin <= 1.8.2.2 is vulnerable to Cross Site Scripting (XSS)

Software Go Fetch Jobs for WP Job Manager Type Plugin Vulnerable versions = 1.8.2.2 Fixed in 1.8.4.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 4f78961ea025 Credits Rafie Muhammad...

WordPress Mail Bank - #1 Mail SMTP Plugin for WordPress Plugin <= 3.0.12 is vulnerable to Cross Site Scripting (XSS)

Software Mail Bank - 1 Mail SMTP Plugin for WordPress Type Plugin Vulnerable versions = 3.0.12 Fixed in 3.0.13 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 0fd620833027 Credits Rafie...

WordPress WP Review Slider Plugin <= 3.5 is vulnerable to Cross Site Scripting (XSS)

Software WP Review Slider Type Plugin Vulnerable versions = 3.5 Fixed in 3.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID be8e0ec16e0c Credits Rafie Muhammad Patchstack Required...

WordPress Popup Maker Plugin <= 1.9.2 is vulnerable to Cross Site Scripting (XSS)

Software Popup Maker Type Plugin Vulnerable versions = 1.9.2 Fixed in 1.10.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID b1490f38ddc0 Credits Rafie Muhammad Patchstack Required...

WordPress Spotlight Social Media Feeds Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS)

Software Spotlight Social Media Feeds Type Plugin Vulnerable versions = 1.6 Fixed in 1.6.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 91b8b157c36a Credits Rafie Muhammad Patchstack...

WordPress CF7 Constant Contact Fields Mapping Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Software CF7 Constant Contact Fields Mapping Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 513aaa765db6 Credits Rafie Muhammad...

WordPress DeMomentSomTres Immediate Send Plugin <= 3.201704251244 is vulnerable to Cross Site Scripting (XSS)

Software DeMomentSomTres Immediate Send Type Plugin Vulnerable versions = 3.201704251244 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 395b22880d0c Credits Rafie Muhammad...

WordPress Mobile App Editor – WordPress to Android App Builder Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS)

Software Mobile App Editor – WordPress to Android App Builder Type Plugin Vulnerable versions = 1.1.2 Fixed in 1.2.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 2273721d5def Credits...

WordPress Order Picking For WooCommerce Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software Order Picking For WooCommerce Type Plugin Vulnerable versions = 1.0.1 Fixed in 1.0.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID a4268d220076 Credits Rafie Muhammad...

WordPress 2MB Autocode Plugin <= 1.2.5 is vulnerable to Cross Site Scripting (XSS)

Software 2MB Autocode Type Plugin Vulnerable versions = 1.2.5 Fixed in 1.2.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID e8d91dce9c48 Credits Rafie Muhammad Patchstack Required...

WordPress 360 Javascript Viewer Plugin <= 1.5.2 is vulnerable to Cross Site Scripting (XSS)

Software 360 Javascript Viewer Type Plugin Vulnerable versions = 1.5.2 Fixed in 1.5.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 954a4a07facd Credits Rafie Muhammad Patchstack...

WordPress 404 to 301 Plugin <= 3.0.5 is vulnerable to Cross Site Scripting (XSS)

Software 404 to 301 Type Plugin Vulnerable versions = 3.0.5 Fixed in 3.0.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 6886ba1d92bc Credits Rafie Muhammad Patchstack Required...

WordPress BuddyForms Hierarchical Posts Plugin <= 1.1.3 is vulnerable to Cross Site Scripting (XSS)

Software BuddyForms Hierarchical Posts Type Plugin Vulnerable versions = 1.1.3 Fixed in 1.1.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 0e41c8fe2c4e Credits Rafie Muhammad...

WordPress Activity Log For MainWP Plugin <= 1.7.1 is vulnerable to Cross Site Scripting (XSS)

Software Activity Log For MainWP Type Plugin Vulnerable versions = 1.7.1 Fixed in 2.0.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 20b4e551581a Credits Rafie Muhammad Patchstack...

WordPress Tranzly: Automatic Translation Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS)

Software Tranzly: Automatic Translation Type Plugin Vulnerable versions = 2.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1e66b5ef5eee Credits Rafie Muhammad...

WordPress MultiParcels Shipping For WooCommerce Plugin < 1.14.15 is vulnerable to SQL Injection

Software MultiParcels Shipping For WooCommerce Type Plugin Vulnerable versions 1.14.15 Fixed in 1.14.15 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-2843 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 3e93313a1e18 Credits Dao Xuan Hieu Required...

WordPress ProfileGrid Plugin <= 5.5.2 is vulnerable to Broken Access Control

Software ProfileGrid Type Plugin Vulnerable versions = 5.5.2 Fixed in 5.5.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-3714 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 163433ba9759 Credits Lana Codes Required privilege...