WordPress Super Socializer Plugin <= 7.13.52 is vulnerable to Cross Site Scripting (XSS)

Software Super Socializer Type Plugin Vulnerable versions = 7.13.52 Fixed in 7.13.53 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-35882 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1f4231cc7bc4 Credits Rafshanzani Suhada...

WordPress MStore API Plugin <= 3.9.7 is vulnerable to SQL Injection

Software MStore API Type Plugin Vulnerable versions = 3.9.7 Fixed in 3.9.8 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2022-47614 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID d5e39e167dd4 Credits Lucio Sá Required privilege Unauthenticated Publishe...

WordPress LWS Tools Plugin <= 2.4.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software LWS Tools Type Plugin Vulnerable versions = 2.4.1 Fixed in 2.4.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-35774 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 23c9185a9799 Credits konagash Required privile...

WordPress CHP Ads Block Detector Plugin <= 3.9.4 is vulnerable to Cross Site Scripting (XSS)

Software CHP Ads Block Detector Type Plugin Vulnerable versions = 3.9.4 Fixed in 3.9.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2354 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID a6ae7a40b730 Credits Marco Wotschka...

WordPress LWS Cleaner Plugin <= 2.3.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software LWS Cleaner Type Plugin Vulnerable versions = 2.3.0 Fixed in 2.3.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-35781 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID eac11e5294d8 Credits konagash Required...

WordPress Who Hit The Page – Hit Counter Plugin <= 1.4.14.3 is vulnerable to Cross Site Scripting (XSS)

Software Who Hit The Page – Hit Counter Type Plugin Vulnerable versions = 1.4.14.3 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25466 Patch priority Medium CVSS severity Medium 5.8 Developer Claim ownership PSID 01e8a810fef2 Credits...

WordPress Contact Form by WD Plugin <= 1.15.16 is vulnerable to Broken Access Control

Software Contact Form by WD Type Plugin Vulnerable versions = 1.15.16 Fixed in 1.15.17 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 1b7f926114eb Credits Unknown Required privilege...

WordPress WooCommerce Stock Manager Plugin <= 2.10.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software WooCommerce Stock Manager Type Plugin Vulnerable versions = 2.10.0 Fixed in 2.11.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-35091 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4886f04a593e Credits Nguyen...

WordPress WP Matterport Shortcode Plugin <= 2.1.4 is vulnerable to Cross Site Scripting (XSS)

Software WP Matterport Shortcode Type Plugin Vulnerable versions = 2.1.4 Fixed in 2.1.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-35094 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 896701a47def Credits yuyudhn Require...

WordPress WP Affiliate Links Plugin <= 0.1.1 is vulnerable to Cross Site Scripting (XSS)

Software WP Affiliate Links Type Plugin Vulnerable versions = 0.1.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-35097 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 9ca4737edead Credits thiennv Required...

WordPress breadcrumb simple Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)

Software breadcrumb simple Type Plugin Vulnerable versions = 1.3 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-35092 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 50a5e1d60df5 Credits Rio Darmawan Required...

WordPress WP Directory Kit Plugin <= 1.2.3 is vulnerable to Broken Access Control

Software WP Directory Kit Type Plugin Vulnerable versions = 1.2.3 Fixed in 1.2.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-2351 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID ab7cb35f6371 Credits Lana Codes Required privile...

WordPress WP Front User Submit / Front Editor Plugin < 3.8.0 is vulnerable to Cross Site Scripting (XSS)

Software WP Front User Submit / Front Editor Type Plugin Vulnerable versions 3.8.0 Fixed in 3.8.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 8294b3556758 Credits Unknown Requir...

WordPress Booking and Rental Manager Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS)

Software Booking and Rental Manager Type Plugin Vulnerable versions = 1.2.1 Fixed in 1.2.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-35048 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 73d697a7ce84 Credits NeginNrb...

WordPress Recent Posts Slider Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)

Software Recent Posts Slider Type Plugin Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-35043 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID cce446409bae Credits LEE SE HYOUNG...

WordPress Zephyr Project Manager Plugin <= 3.3.93 is vulnerable to Cross Site Request Forgery (CSRF)

Software Zephyr Project Manager Type Plugin Vulnerable versions = 3.3.93 Fixed in 3.3.94 OWASP Top 10 A6: Security Misconfiguration Classification Cross Site Request Forgery CSRF CVE CVE-2023-34373 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 598837ada134 Credits...

WordPress MStore API Plugin < 3.9.6 is vulnerable to Broken Access Control

Software MStore API Type Plugin Vulnerable versions 3.9.6 Fixed in 3.9.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID f9c3e8cc268b Credits Unknown Required privilege Subscriber Publish...

WordPress Metform Elementor Contact Form Builder Plugin <= 3.3.0 is vulnerable to Cross Site Scripting (XSS)

Software Metform Elementor Contact Form Builder Type Plugin Vulnerable versions = 3.3.0 Fixed in 3.3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0709 Patch priority Low CVSS severity Low 6.5 Developer Wpmet PSID 4e0102594f1d Credits Ramuel Gall...

WordPress FiboSearch – Ajax Search for WooCommerce Plugin <= 1.23.0 is vulnerable to Cross Site Scripting (XSS)

Software FiboSearch – Ajax Search for WooCommerce Type Plugin Vulnerable versions = 1.23.0 Fixed in 1.24.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2450 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 1e16f85faf8c Credi...

WordPress WP Mail Catcher Plugin <= 2.1.2 is vulnerable to Cross Site Scripting (XSS)

Software WP Mail Catcher Type Plugin Vulnerable versions = 2.1.2 Fixed in 2.1.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-3080 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 4c3adbc78628 Credits Alex Thomas Required...