WordPress Shield Security Plugin <= 17.0.17 is vulnerable to Broken Access Control

Software Shield Security Type Plugin Vulnerable versions = 17.0.17 Fixed in 17.0.18 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0993 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID a6f498e522a5 Credits Ramuel Gall Required...

WordPress WP Popups Plugin < 2.1.5.1 is vulnerable to Cross Site Scripting (XSS)

Software WP Popups Type Plugin Vulnerable versions 2.1.5.1 Fixed in 2.1.5.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1905 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 10bebf67691e Credits Erwan LR Required...

WordPress Viable blog Theme <= 1.1.4 is vulnerable to Cross Site Scripting (XSS)

Software Viable blog Type Theme Vulnerable versions = 1.1.4 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-27419 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID bc9810b2a616 Credits László Radnai Required...

WordPress Glaze Blog Lite Theme <= 1.1.4 is vulnerable to Cross Site Scripting (XSS)

Software Glaze Blog Lite Type Theme Vulnerable versions = 1.1.4 Fixed in 1.1.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-28687 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 0a07af531c50 Credits László Radnai Required...

WordPress Weaver Xtreme Theme Support Plugin <= 6.2.5 is vulnerable to Cross Site Scripting (XSS)

Software Weaver Xtreme Theme Support Type Plugin Vulnerable versions = 6.2.5 Fixed in 6.2.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0276 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 323a045198cd Credits István...

WordPress Mocho Blog Theme <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)

Software Mocho Blog Type Theme Vulnerable versions = 1.0.4 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-27412 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 085597533752 Credits László Radnai Required...

April 25, 2023—KB5025305 (OS Build 22621.1635) Preview

April 25, 2023—KB5025305 OS Build 22621.1635 Preview For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 22H2, see its update history page. Note Follow @WindowsUpdate to...

WordPress WP BrowserUpdate Plugin <= 4.4.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP BrowserUpdate Type Plugin Vulnerable versions = 4.4.1 Fixed in 4.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-31078 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ca8233546f51 Credits qilin99 Required...

WordPress Arconix Shortcodes Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS)

Software Arconix Shortcodes Type Plugin Vulnerable versions = 2.1.7 Fixed in 2.1.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23703 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a66cbc072f58 Credits István Márton Requir...

WordPress Progress Bar Plugin <= 2.2.1 is vulnerable to Cross Site Scripting (XSS)

Software Progress Bar Type Plugin Vulnerable versions = 2.2.1 Fixed in 2.2.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23699 Patch priority Low CVSS severity Low 6.5 Developer jazzs3quence PSID f509ee490678 Credits yuyudhn Required privilege...

WordPress Forms Ada Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software Forms Ada Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-27613 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID e7150cfdbfda Credits Pavak Tiwari Required privilege...

WordPress Updraft Plugin <= 0.6.1 is vulnerable to Cross Site Scripting (XSS)

Software Updraft Type Plugin Vulnerable versions = 0.6.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-26530 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID bc1184571b44 Credits Nguyen Xuan Hoa Required...

WordPress Modal Dialog Plugin <= 3.5.14 is vulnerable to Cross Site Scripting (XSS)

Software Modal Dialog Type Plugin Vulnerable versions = 3.5.14 Fixed in 3.5.15 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-31071 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 29ef21377041 Credits LEE SE HYOUNG...

WordPress WP BrowserUpdate Plugin <= 4.5 is vulnerable to Cross Site Scripting (XSS)

Software WP BrowserUpdate Type Plugin Vulnerable versions = 4.5 Fixed in 4.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-28690 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID b9737efa9b15 Credits qilin99 Required privilege...

WordPress Display custom fields in the frontend – Post and User Profile Fields Plugin <= 1.2.0 is vulnerable to Broken Access Control

Software Display custom fields in the frontend – Post and User Profile Fields Type Plugin Vulnerable versions = 1.2.0 Fixed in 1.2.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-31073 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PS...

WordPress Woocommerce Email Report Plugin <= 2.4 is vulnerable to Cross Site Scripting (XSS)

Software Woocommerce Email Report Type Plugin Vulnerable versions = 2.4 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-27627 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 629859a93d95 Credits Yuki Haruma...

WordPress Easy Slider Revolution Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Software Easy Slider Revolution Type Plugin Vulnerable versions = 1.0.0 Fixed in 1.1.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-28622 Patch priority Medium CVSS severity Medium 5.9 Developer Claim ownership PSID e200bc473eac Credits Yuki Harum...

WordPress Clock In Portal- Staff & Attendance Management Plugin <= 2.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Clock In Portal- Staff & Attendance Management Type Plugin Vulnerable versions = 2.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-0763 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 460bee1676e1...

WordPress miniOrange's Google Authenticator Plugin <= 5.6.5 is vulnerable to Broken Access Control

Software miniOrange's Google Authenticator Type Plugin Vulnerable versions = 5.6.5 Fixed in 5.6.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-4943 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 1f8ee97c6af1 Credits Ramuel Gal...

WordPress Verified Reviews (Avis Vérifiés) Plugin <= 2.3.14 is vulnerable to Cross Site Scripting (XSS)

Software Verified Reviews Avis Vérifiés Type Plugin Vulnerable versions = 2.3.14 Fixed in 2.3.15 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23720 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 4bfd6109ebaa Credits yuyudh...