WordPress Essential Addons for Elementor Pro Plugin <= 5.4.8 is vulnerable to Server Side Request Forgery (SSRF)

Software Essential Addons for Elementor Pro Type Plugin Vulnerable versions = 5.4.8 Fixed in 5.4.9 OWASP Top 10 A5: Broken Access Control Classification Server Side Request Forgery SSRF CVE CVE-2023-32245 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 6f79f41d4291 Credits...

WordPress WPCS Plugin <= 1.1.9 is vulnerable to Broken Access Control

Software WPCS Type Plugin Vulnerable versions = 1.1.9 Fixed in 1.2.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-2556 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 05cf802e36e5 Credits Alex Thomas Required privilege...

WordPress WooCommerce Bookings Plugin <= 1.15.78 is vulnerable to Insecure Direct Object References (IDOR)

Software WooCommerce Bookings Type Plugin Vulnerable versions = 1.15.78 Fixed in 1.15.79 OWASP Top 10 A5: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-32747 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 81006e449dea Credits Raf...

WordPress AutomateWoo Plugin <= 5.7.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software AutomateWoo Type Plugin Vulnerable versions = 5.7.1 Fixed in 5.7.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-32745 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 2ce50834e16e Credits Rafie Muhammad Patchsta...

WordPress WooCommerce Product Recommendations Plugin < 2.3.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software WooCommerce Product Recommendations Type Plugin Vulnerable versions 2.3.0 Fixed in 2.3.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-32744 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID d58137983362 Credits...

WordPress Elementor Website Builder Plugin <= 3.13.1 is vulnerable to Broken Access Control

Software Elementor Website Builder Type Plugin Vulnerable versions = 3.13.1 Fixed in 3.13.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Medium CVSS severity Medium 4.3 Developer Elementor PSID 95f606d4bd1b Credits N/A Required privilege...

WordPress BuddyForms Plugin <= 2.8.1 is vulnerable to Cross Site Scripting (XSS)

Software BuddyForms Type Plugin Vulnerable versions = 2.8.1 Fixed in 2.8.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25981 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 00a2c7a49e64 Credits István Márton Required...

WordPress Quick Page/Post Redirect Plugin <= 5.2.3 is vulnerable to Cross Site Scripting (XSS)

Software Quick Page/Post Redirect Type Plugin Vulnerable versions = 5.2.3 Fixed in 5.2.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25063 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 28b05154c93f Credits Justiice...

WordPress Donations Made Easy – Smart Donations Plugin <= 4.0.12 is vulnerable to Cross Site Scripting (XSS)

Software Donations Made Easy – Smart Donations Type Plugin Vulnerable versions = 4.0.12 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32603 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID a8415256cc6f...

CVE-2023-31530

Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the smartqosprioritydevices parameter...

WordPress 10Web Social Post Feed Plugin <= 1.2.8 is vulnerable to Cross Site Scripting (XSS)

Software 10Web Social Post Feed Type Plugin Vulnerable versions = 1.2.8 Fixed in 1.2.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 73c5db117428 Credits Unknown Required privileg...

WordPress WP Replicate Post Plugin <= 4.0.2 is vulnerable to SQL Injection

Software WP Replicate Post Type Plugin Vulnerable versions = 4.0.2 Fixed in 4.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-2237 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 93caeb59c55f Credits Marco Wotschka Required privilege Contributor...

WordPress Custom 404 Pro Plugin < 3.7.3 is vulnerable to Cross Site Scripting (XSS)

Software Custom 404 Pro Type Plugin Vulnerable versions 3.7.3 Fixed in 3.7.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2023 Patch priority High CVSS severity High 7.1 Developer Kunal Nagar PSID f5c6964d03e8 Credits Chien Vuong Required privileg...

Motorola CX2 命令注入漏洞

The Motorola CX2 is a wireless router from Motorola USA. A security vulnerability exists in the Motorola CX2L Router version 1.0.1, which stems from the discovery of a command injection vulnerability via the smartqosprioritydevices parameter...

WordPress Injection Guard Plugin <= 1.2.1 is vulnerable to Broken Access Control

Software Injection Guard Type Plugin Vulnerable versions = 1.2.1 Fixed in 1.2.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-32574 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1c70e6bd7c94 Credits Abdi Pranata Required privile...

WordPress Loginizer Plugin <= 1.7.8 is vulnerable to Cross Site Scripting (XSS)

Software Loginizer Type Plugin Vulnerable versions = 1.7.8 Fixed in 1.7.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2296 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 867402dd8b92 Credits Erwan LR WPScan Required...

WordPress Portfolio Gallery – Responsive Image Gallery Plugin <= 1.4.6 is vulnerable to Broken Access Control

Software Portfolio Gallery – Responsive Image Gallery Type Plugin Vulnerable versions = 1.4.6 Fixed in 1.4.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-32585 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 46edb5a7cfb0 Credit...

WordPress Custom Base Terms Plugin <= 1.0.2.3 is vulnerable to Cross Site Scripting (XSS)

Software Custom Base Terms Type Plugin Vulnerable versions = 1.0.2.3 Fixed in 1.0.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2600 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 1a97ca0c054e Credits Aymane Mazguiti...

WordPress WoodMart Theme <= 7.2.1 is vulnerable to Broken Access Control

Software WoodMart Type Theme Vulnerable versions = 7.2.1 Fixed in 7.2.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-32240 Patch priority Medium CVSS severity Medium 5.4 Developer Xtemos PSID b409a147912c Credits Dave Jong Patchstack Required privilege...

WordPress WP Reactions Lite Plugin <= 1.3.8 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP Reactions Lite Type Plugin Vulnerable versions = 1.3.8 Fixed in 1.3.9 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-32587 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID b436a9de7ad3 Credits István Márton...