WordPress Metform Elementor Contact Form Builder Plugin <= 3.3.1 is vulnerable to Sensitive Data Exposure

Software Metform Elementor Contact Form Builder Type Plugin Vulnerable versions = 3.3.1 Fixed in 3.3.2 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-0694 Patch priority High CVSS severity High 6.5 Developer Wpmet PSID 15806b79fbee Credits Ramuel Gall...

WordPress Metform Elementor Contact Form Builder Plugin <= 3.3.1 is vulnerable to Sensitive Data Exposure

Software Metform Elementor Contact Form Builder Type Plugin Vulnerable versions = 3.3.1 Fixed in 3.3.2 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-0691 Patch priority Medium CVSS severity Medium 4.3 Developer Wpmet PSID 747e7584ba0a Credits Ramuel...

WordPress Members Plugin <= 3.4.7.3 is vulnerable to Broken Access Control

Software Members Type Plugin Vulnerable versions = 3.4.7.3 Fixed in 3.4.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-2869 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 561a12f2621a Credits Marco Wotschka Required...

WordPress Metform Elementor Contact Form Builder Plugin <= 3.3.1 is vulnerable to Sensitive Data Exposure

Software Metform Elementor Contact Form Builder Type Plugin Vulnerable versions = 3.3.1 Fixed in 3.3.2 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-0692 Patch priority Medium CVSS severity Medium 4.3 Developer Wpmet PSID d33b9b89cda5 Credits Ramuel...

WordPress Metform Elementor Contact Form Builder Plugin <= 3.3.0 is vulnerable to Cross Site Scripting (XSS)

Software Metform Elementor Contact Form Builder Type Plugin Vulnerable versions = 3.3.0 Fixed in 3.3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0708 Patch priority Low CVSS severity Low 6.5 Developer Wpmet PSID d2490fc4db6a Credits Ramuel Gall...

WordPress Metform Elementor Contact Form Builder Plugin <= 3.3.1 is vulnerable to Sensitive Data Exposure

Software Metform Elementor Contact Form Builder Type Plugin Vulnerable versions = 3.3.1 Fixed in 3.3.2 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-0693 Patch priority High CVSS severity High 6.5 Developer Wpmet PSID a48d4f77e351 Credits Ramuel Gall...

WordPress Metform Elementor Contact Form Builder Plugin <= 3.3.1 is vulnerable to Sensitive Data Exposure

Software Metform Elementor Contact Form Builder Type Plugin Vulnerable versions = 3.3.1 Fixed in 3.3.2 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-0688 Patch priority High CVSS severity High 6.5 Developer Wpmet PSID 594d4e4abd66 Credits Ramuel Gall...

WordPress B2BKing Plugin <= 4.6.00 is vulnerable to Broken Access Control

Software B2BKing Type Plugin Vulnerable versions = 4.6.00 Fixed in 4.6.20 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-3125 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 7647d8bb49ff Credits Jerome Bruandet Required privilege...

WordPress Visual Composer Website Builder Plugin <= 26.0 is vulnerable to Cross Site Scripting (XSS)

Software Visual Composer Website Builder Type Plugin Vulnerable versions = 26.0 Fixed in 27.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2020-36722 Patch priority Low CVSS severity Low 5.4 Developer Visual Composer PSID 94fc9a4ee237 Credits Jerome...

WordPress Directorist Plugin <= 7.5.4 is vulnerable to Broken Access Control

Software Directorist Type Plugin Vulnerable versions = 7.5.4 Fixed in 7.5.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-1889 Patch priority High CVSS severity High 7.2 Developer Claim ownership PSID 3d986c80db6c Credits Alex Thomas Required privilege...

WordPress Activello Theme <= 1.4.0 is vulnerable to Broken Access Control

Software Activello Type Theme Vulnerable versions = 1.4.0 Fixed in 1.4.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2020-36721 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 121a85ec7375 Credits Jerome Bruandet - NinTechNet...

WordPress Directorist Plugin <= 7.5.4 is vulnerable to Privilege Escalation

Software Directorist Type Plugin Vulnerable versions = 7.5.4 Fixed in 7.5.5 OWASP Top 10 A2: Broken Authentication Classification Privilege Escalation CVE CVE-2023-1888 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 3e2d4eebdb38 Credits Alex Thomas Required privilege...

WordPress B2BKing Plugin <= 4.6.00 is vulnerable to Broken Access Control

Software B2BKing Type Plugin Vulnerable versions = 4.6.00 Fixed in 4.6.20 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-3126 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID e0410908e411 Credits Jerome Bruandet Required...

WordPress Brilliance Theme <= 1.2.7 is vulnerable to Broken Access Control

Software Brilliance Type Theme Vulnerable versions = 1.2.7 Fixed in 1.3.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2020-36721 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID a0bd7d64b1bd Credits Jerome Bruandet - NinTechNet...

WordPress Newspaper X Theme <= 1.3.1 is vulnerable to Broken Access Control

Software Newspaper X Type Theme Vulnerable versions = 1.3.1 Fixed in 1.3.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2020-36721 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 364d88cff362 Credits Jerome Bruandet - NinTechNet...

WordPress Abandoned Cart Lite for WooCommerce Plugin <= 5.14.2 is vulnerable to Broken Authentication

Software Abandoned Cart Lite for WooCommerce Type Plugin Vulnerable versions = 5.14.2 Fixed in 5.15.0 OWASP Top 10 A2: Broken Authentication Classification Broken Authentication CVE CVE-2023-2986 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 15bb4df9e2c9 Credits István...

WordPress Catalyst Connect Zoho CRM Client Portal Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS)

Software Catalyst Connect Zoho CRM Client Portal Type Plugin Vulnerable versions = 2.0.0 Fixed in 2.1.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0588 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 2843a5139fb1 Credit...

WordPress Contact Form Builder by vcita Plugin <= 4.10.2 is vulnerable to Cross Site Scripting (XSS)

Software Contact Form Builder by vcita Type Plugin Vulnerable versions = 4.10.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2300 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 3b4b71b799e4 Credits Jonas...

WordPress CRM and Lead Management by vcita Plugin <= 2.7.1 is vulnerable to Cross Site Scripting (XSS)

Software CRM and Lead Management by vcita Type Plugin Vulnerable versions = 2.7.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2405 Patch priority Low CVSS severity Low 6.1 Developer Claim ownership PSID b8d44a43844f Credits Jonas...

WordPress Online Booking & Scheduling Calendar for WordPress by vcita Plugin < 4.3.2 is vulnerable to Cross Site Scripting (XSS)

Software Online Booking & Scheduling Calendar for WordPress by vcita Type Plugin Vulnerable versions 4.3.2 Fixed in 4.3.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2298 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID...