5100 matches found
WordPress Go Pricing Plugin <= 3.3.19 is vulnerable to PHP Object Injection
Software: Go Pricing; Type: Plugin; Vulnerable versions: <= 3.3.19; Fixed in: 3.4; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2023-2500; Patch priority: Medium; CVSS severity: Medium 4.9; Developer: Claim ownership; PSID: 888d475edb31; Credits: Lana Codes; Required privilege: Subscriber...
WordPress WS Form LITE Plugin <= 1.9.117 is vulnerable to Bypass Vulnerability
Software: WS Form LITE; Type: Plugin; Vulnerable versions: <= 1.9.117; Fixed in: 1.9.118; OWASP Top 10: A6: Security Misconfiguration; Classification: Bypass Vulnerability; CVE: N/A; Patch priority: Low; CVSS severity: Low 5.3; Developer: WS Form; PSID: 4f6ad1d866aa; Credits: WordFence; Required privilege: Unauthenticated...
WordPress MStore API Plugin <= 3.9.1 is vulnerable to Broken Authentication
Software: MStore API; Type: Plugin; Vulnerable versions: <= 3.9.1; Fixed in: 3.9.2; OWASP Top 10: A2: Broken Authentication; Classification: Broken Authentication; CVE: CVE-2023-2734; Patch priority: High; CVSS severity: High 9.8; Developer: Claim ownership; PSID: 533a834d2d8a; Credits: Lana Codes; Required privilege...
WordPress MStore API Plugin <= 3.9.2 is vulnerable to Broken Authentication
Software: MStore API; Type: Plugin; Vulnerable versions: <= 3.9.2; Fixed in: 3.9.3; OWASP Top 10: A2: Broken Authentication; Classification: Broken Authentication; CVE: CVE-2023-2732; Patch priority: High; CVSS severity: High 9.8; Developer: Claim ownership; PSID: 9a2f0204ce39; Credits: Lana Codes; Required privilege...
WordPress Download Theme Plugin <= 1.0.9 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Download Theme; Type: Plugin; Vulnerable versions: <= 1.0.9; Fixed in: 1.1.0; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-38062; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 6801cc6f9ede; Credits: István Márton; Requir...
WordPress Tutor LMS Plugin <= 2.1.8 is vulnerable to Broken Access Control
Software: Tutor LMS; Type: Plugin; Vulnerable versions: <= 2.1.8; Fixed in: 2.1.9; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-25799; Patch priority: High; CVSS severity: High 8.3; Developer: Claim ownership; PSID: c5a261a00ca9; Credits: Rafie Muhammad Patchstack; Require...
WordPress Elementor Website Builder Plugin <= 3.13.2 is vulnerable to Broken Access Control
Software: Elementor Website Builder; Type: Plugin; Vulnerable versions: <= 3.13.2; Fixed in: 3.13.3; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-33922; Patch priority: Low; CVSS severity: Low 4.3; Developer: Elementor; PSID: b1fff5eee484; Credits: Rafie Muhammad Patchsta...
WordPress OAuth Single Sign On – SSO (OAuth Client) Plugin <= 6.23.3 is vulnerable to Broken Authentication
Software: OAuth Single Sign On – SSO (OAuth Client); Type: Plugin; Vulnerable versions: <= 6.23.3; Fixed in: 6.23.4; OWASP Top 10: A2: Broken Authentication; Classification: Broken Authentication; CVE: CVE-2022-34155; Patch priority: High; CVSS severity: High 8.8; Developer: Claim ownership; PSID: 74c6748a10df; Credits...
WordPress Flickr Justified Gallery Plugin <= 3.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Flickr Justified Gallery; Type: Plugin; Vulnerable versions: <= 3.5; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-25473; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: e930ab154fff; Credits: Mika; Required...
WordPress Download Plugin Plugin <= 2.0.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Download Plugin; Type: Plugin; Vulnerable versions: <= 2.0.4; Fixed in: 2.0.5; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-36345; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 8585091ec14a; Credits: István Márton...
WordPress Ultimate Dashboard Plugin < 3.7.6 is vulnerable to Cross Site Scripting (XSS)
Software: Ultimate Dashboard; Type: Plugin; Vulnerable versions: < 3.7.6; Fixed in: 3.7.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: N/A; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: b3d7a5a0fa5a; Credits: Unknown; Required privilege...
WordPress Contact Form Entries Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)
Software: Contact Form Entries; Type: Plugin; Vulnerable versions: <= 1.3.0; Fixed in: 1.3.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33311; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: eead2c1f0998; Credits: Rafie Muhammad...
WordPress Easy Captcha Plugin <= 1.0 is vulnerable to Broken Access Control
Software: Easy Captcha; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-33324; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: 5defd63e8fe5; Credits: Skalucy; Required privilege...
WordPress Groundhogg Plugin <= 2.7.9.8 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Groundhogg; Type: Plugin; Vulnerable versions: <= 2.7.9.8; Fixed in: 2.7.10; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-2736; Patch priority: Low; CVSS severity: Low 7.5; Developer: Claim ownership; PSID: 8080227ecd75; Credits: Lana Codes; Required...
WordPress WooCommerce Follow-Up Emails Plugin <= 4.9.40 is vulnerable to Arbitrary File Upload
Software: WooCommerce Follow-Up Emails; Type: Plugin; Vulnerable versions: <= 4.9.40; Fixed in: 4.9.50; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2023-33318; Patch priority: Medium; CVSS severity: Medium 9.9; Developer: Claim ownership; PSID: c6e0ffcab096; Credits: Rafie Muhammad...
WordPress Leyka Plugin <= 3.30.2 is vulnerable to Privilege Escalation
Software: Leyka; Type: Plugin; Vulnerable versions: <= 3.30.2; Fixed in: 3.30.3; OWASP Top 10: A5: Broken Access Control; Classification: Privilege Escalation; CVE: CVE-2023-33327; Patch priority: High; CVSS severity: High 8.8; Developer: Claim ownership; PSID: 83c2b21f0549; Credits: Nguyen Anh Tien; Required privilege...
WordPress is vulnerable to Content Injection
Software: WordPress; Type: WordPress Core; Vulnerable versions: = 6.2.1; Fixed in: 6.2.2; OWASP Top 10: A1: Injection; Classification: Content Injection; CVE: N/A; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 75b3c88a5b55; Credits: N/A; Required privilege: Unauthenticated; Published: 22 Ma...
WordPress Groundhogg Plugin <= 2.7.9.8 is vulnerable to Broken Access Control
Software: Groundhogg; Type: Plugin; Vulnerable versions: <= 2.7.9.8; Fixed in: 2.7.10; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-2716; Patch priority: Medium; CVSS severity: Medium 5.4; Developer: Claim ownership; PSID: 35a3839f18ce; Credits: Lana Codes; Required...
WordPress WP-Hijri Plugin <= 1.5.1 is vulnerable to Cross Site Scripting (XSS)
Software: WP-Hijri; Type: Plugin; Vulnerable versions: <= 1.5.1; Fixed in: 1.5.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33320; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 103e8ad73e30; Credits: Le Ngoc Anh; Required...
WordPress JetFormBuilder Plugin <= 3.0.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software: JetFormBuilder; Type: Plugin; Vulnerable versions: <= 3.0.6; Fixed in: 3.0.7; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-33212; Patch priority: Low; CVSS severity: Low 4.3; Developer: Crocoblock; PSID: 7e5a8125e34f; Credits: Nguyen Xuan Chien; Require...