WordPress GiveWP Plugin <= 2.25.3 is vulnerable to PHP Object Injection

Software GiveWP Type Plugin Vulnerable versions = 2.25.3 Fixed in 2.26.0 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-32513 Patch priority High CVSS severity High 7.5 Developer Liquid Web / StellarWP PSID 8e6fd83cfd05 Credits Rafie Muhammad Patchstack Required...

WordPress Brands for WooCommerce Plugin <= 3.7.0.6 is vulnerable to Cross Site Scripting (XSS)

Software Brands for WooCommerce Type Plugin Vulnerable versions = 3.7.0.6 Fixed in 3.8.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23667 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4a9e535646db Credits István Márton...

WordPress Booking Ultra Pro Plugin <= 1.1.8 is vulnerable to Cross Site Scripting (XSS)

Software Booking Ultra Pro Type Plugin Vulnerable versions = 1.1.8 Fixed in 1.1.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32511 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 62d0b4def25b Credits thiennv Require...

WordPress MW WP Form Plugin < 4.4.3 is vulnerable to Directory Traversal

Software MW WP Form Type Plugin Vulnerable versions 4.4.3 Fixed in 4.4.3 OWASP Top 10 A5: Broken Access Control Classification Directory Traversal CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID aac714a1b62d Credits Unknown Required privilege Unauthenticated...

WordPress CM On Demand Search And Replace Plugin <= 1.3.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software CM On Demand Search And Replace Type Plugin Vulnerable versions = 1.3.0 Fixed in 1.3.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-28749 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 611848008c27 Credits Abd...

WordPress Yoast SEO Premium Plugin <= 20.4 is vulnerable to Broken Access Control

Software Yoast SEO Premium Type Plugin Vulnerable versions = 20.4 Fixed in 20.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-28775 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 5c54141d1cb7 Credits Rafie Muhammad Patchstack...

WordPress ShortPixel Adaptive Images Plugin <= 3.7.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software ShortPixel Adaptive Images Type Plugin Vulnerable versions = 3.7.1 Fixed in 3.7.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-32512 Patch priority Low CVSS severity Low 4.3 Developer ShortPixel PSID 1c9663150338 Credits konagash...

WordPress Order Your Posts Manually Plugin <= 2.2.5 is vulnerable to Cross Site Scripting (XSS)

Software Order Your Posts Manually Type Plugin Vulnerable versions = 2.2.5 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32510 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID fdf3da041b8c Credits minhtuana...

WordPress Yoast SEO: Local Plugin <= 14.8 is vulnerable to Cross Site Scripting (XSS)

Software Yoast SEO: Local Type Plugin Vulnerable versions = 14.8 Fixed in 14.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32300 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 28e5acd1438d Credits Rafie Muhammad...

WordPress Woo Custom Emails Plugin <= 2.2 is vulnerable to Broken Access Control

Software Woo Custom Emails Type Plugin Vulnerable versions = 2.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-32507 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID d401968a61b0 Credits minhtuanact Required privileg...

WordPress Ultimate Addons for Contact Form 7 Plugin <= 3.1.23 is vulnerable to SQL Injection

Software Ultimate Addons for Contact Form 7 Type Plugin Vulnerable versions = 3.1.23 Fixed in 3.1.24 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2022-47586 Patch priority High CVSS severity High 8.2 Developer Themefic PSID 7a22cfa758d5 Credits minhtuanact Required privilege...

WordPress StopBadBots Plugin <= 7.31 is vulnerable to Cross Site Scripting (XSS)

Software StopBadBots Type Plugin Vulnerable versions = 7.31 Fixed in 7.32 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32496 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 3406dc788439 Credits Taihei Shimamine Required...

WordPress Snow Monkey Forms Plugin <= 5.0.6 is vulnerable to Directory Traversal

Software Snow Monkey Forms Type Plugin Vulnerable versions = 5.0.6 Fixed in 5.0.7 OWASP Top 10 A5: Broken Access Control Classification Directory Traversal CVE N/A Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID dc1f9c2285d8 Credits Unknown Required privilege...

WordPress TK Google Fonts GDPR Compliant Plugin <= 2.2.7 is vulnerable to Broken Access Control

Software TK Google Fonts GDPR Compliant Type Plugin Vulnerable versions = 2.2.7 Fixed in 2.2.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID a16b5d1818ee Credits Unknown Required...

WordPress WP Abstracts Plugin <= 2.6.3 is vulnerable to Cross Site Scripting (XSS)

Software WP Abstracts Type Plugin Vulnerable versions = 2.6.3 Fixed in 2.6.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-29385 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID eb9850af3b46 Credits LEE SE HYOUNG...

WordPress Otter - Gutenberg Block Plugin < 2.2.6 is vulnerable to PHP Object Injection

Software Otter - Gutenberg Block Type Plugin Vulnerable versions 2.2.6 Fixed in 2.2.6 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-2288 Patch priority High CVSS severity High 6.6 Developer Claim ownership PSID a3cf96ddaa2b Credits Alex Sanford Required privilege...

WordPress Points and Rewards for WooCommerce Plugin <= 1.5.0 is vulnerable to Broken Access Control

Software Points and Rewards for WooCommerce Type Plugin Vulnerable versions = 1.5.0 Fixed in 1.6.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-27608 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 9fa3c23ff647 Credits Dave...

WordPress TheGem (Elementor) Theme < 5.8.1.1 is vulnerable to Cross Site Scripting (XSS)

Software TheGem Elementor Type Theme Vulnerable versions 5.8.1.1 Fixed in 5.8.1.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32237 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 54db6f410b09 Credits Dave Jong Patchstack...

WordPress Metform Elementor Contact Form Builder Plugin <= 3.3.0 is vulnerable to Broken Access Control

Software Metform Elementor Contact Form Builder Type Plugin Vulnerable versions = 3.3.0 Fixed in 3.3.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-1843 Patch priority High CVSS severity High 6.5 Developer Wpmet PSID b16a58b44328 Credits Marco Wotschka...

WordPress Booking Ultra Pro Plugin <= 1.1.8 is vulnerable to Cross Site Scripting (XSS)

Software Booking Ultra Pro Type Plugin Vulnerable versions = 1.1.8 Fixed in 1.1.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32236 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 00fb8bbc9f88 Credits Team WeBoB...