WordPress ProfileGrid Plugin <= 5.5.2 is vulnerable to Broken Access Control

Software ProfileGrid Type Plugin Vulnerable versions = 5.5.2 Fixed in 5.5.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-3714 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 163433ba9759 Credits Lana Codes Required privilege...

WordPress MultiParcels Shipping For WooCommerce Plugin < 1.14.15 is vulnerable to SQL Injection

Software MultiParcels Shipping For WooCommerce Type Plugin Vulnerable versions 1.14.15 Fixed in 1.14.15 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-2843 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 3e93313a1e18 Credits Dao Xuan Hieu Required...

WordPress New Order Notification Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Software New Order Notification Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f85602c77d34 Credits Rafie Muhammad Patchstack...

WordPress 1 Click Close Store Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)

Software 1 Click Close Store Type Plugin Vulnerable versions = 1.1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5d6ea0096ad8 Credits Rafie Muhammad Patchstack...

WordPress WP Store Locator – Extenders Plugin <= 1.3.2 is vulnerable to Cross Site Scripting (XSS)

Software WP Store Locator – Extenders Type Plugin Vulnerable versions = 1.3.2 Fixed in 1.4.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 54d6fd923761 Credits Rafie Muhammad...

WordPress WP-Cron Status Checker Plugin < 1.2.5 is vulnerable to Cross Site Scripting (XSS)

Software WP-Cron Status Checker Type Plugin Vulnerable versions 1.2.5 Fixed in 1.2.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e78f192bc072 Credits Rafie Muhammad Patchstack...

WordPress Sticky add to cart for Woo Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)

Software Sticky add to cart for Woo Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 982520550df9 Credits Rafie Muhammad Patchsta...

WordPress Ultimate Downloadable Products for WooCommerce Plugin < 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Software Ultimate Downloadable Products for WooCommerce Type Plugin Vulnerable versions 1.3.1 Fixed in 1.3.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c1f9e8d2a5cc Credits Raf...

WordPress Booking Addon for WooCommerce Plugin <= 4.3.1 is vulnerable to Cross Site Scripting (XSS)

Software Booking Addon for WooCommerce Type Plugin Vulnerable versions = 4.3.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1704b913b21c Credits Rafie Muhammad...

WordPress Battle Suit for Divi Plugin <= 1.17.0 is vulnerable to Cross Site Scripting (XSS)

Software Battle Suit for Divi Type Plugin Vulnerable versions = 1.17.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 008027bf67c9 Credits Rafie Muhammad Patchstack...

WordPress ProfileGrid Plugin <= 5.5.1 is vulnerable to Broken Access Control

Software ProfileGrid Type Plugin Vulnerable versions = 5.5.1 Fixed in 5.5.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-3713 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 8475e71147a0 Credits Lana Codes Required privilege...

WordPress Smart phone field for Gravity Forms Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)

Software Smart phone field for Gravity Forms Type Plugin Vulnerable versions = 2.0 Fixed in 2.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c510b0a80922 Credits Rafie Muhammad...

WordPress WordPress SEO Audit Plugin – WP Site Auditor Plugin < 1.2.9 is vulnerable to Cross Site Scripting (XSS)

Software WordPress SEO Audit Plugin – WP Site Auditor Type Plugin Vulnerable versions 1.2.9 Fixed in 1.2.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5c8c57e7a35f Credits Rafie...

WordPress Rank Math SEO Plugin <= 1.0.119 is vulnerable to Cross Site Scripting (XSS)

Software Rank Math SEO Type Plugin Vulnerable versions = 1.0.119 Fixed in 1.0.119.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32600 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID fbe17eef0220 Credits Rafie Muhammad...

WordPress Contact Form Generator Plugin <= 2.5.5 is vulnerable to Cross Site Scripting (XSS)

Software Contact Form Generator Type Plugin Vulnerable versions = 2.5.5 Fixed in 2.6.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-37988 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4da7e4864bf8 Credits Arvandy...

WordPress Slider a SlidersPack Plugin <= 2.0.2 is vulnerable to Broken Access Control

Software Slider a SlidersPack Type Plugin Vulnerable versions = 2.0.2 Fixed in 2.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-46845 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID b8f7f4a77e50 Credits Cat Required privilege...

WordPress YourMembership Single Sign On Plugin <= 1.1.3 is vulnerable to Broken Access Control

Software YourMembership Single Sign On Type Plugin Vulnerable versions = 1.1.3 Fixed in 1.1.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-37987 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 9b1dfdc28505 Credits Aman Rawat...

WordPress Quiz And Survey Master Plugin <= 8.1.10 is vulnerable to Broken Access Control

Software Quiz And Survey Master Type Plugin Vulnerable versions = 8.1.10 Fixed in 8.1.11 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-37984 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 046309de9fe7 Credits qilin99 Required...

WordPress Grid Kit Premium Plugin < 2.2.0 is vulnerable to Cross Site Scripting (XSS)

Software Grid Kit Premium Type Plugin Vulnerable versions 2.2.0 Fixed in 2.2.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-3292 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 75b7f5364596 Credits Erwan LR WPScan...

WordPress Short URL Plugin < 1.6.5 is vulnerable to Cross Site Scripting (XSS)

Software Short URL Type Plugin Vulnerable versions 1.6.5 Fixed in 1.6.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-3130 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 9ca4df5fae13 Credits Bob Matyas Required privilege...