WordPress ChatBot Plugin <= 4.4.8 is vulnerable to Cross Site Scripting (XSS)

Software ChatBot Type Plugin Vulnerable versions = 4.4.8 Fixed in 4.4.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1651 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 0fe1f44f2072 Credits Erwan LR Required privilege...

WordPress Verified Reviews (Avis Vérifiés) Plugin <= 2.3.14 is vulnerable to Cross Site Scripting (XSS)

Software Verified Reviews Avis Vérifiés Type Plugin Vulnerable versions = 2.3.14 Fixed in 2.3.15 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23720 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 4bfd6109ebaa Credits yuyudh...

WordPress Album Gallery – WordPress Gallery Plugin <= 1.4.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software Album Gallery – WordPress Gallery Type Plugin Vulnerable versions = 1.4.9 Fixed in 1.5.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-23646 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 043c2f9c9d2e Credits...

WordPress Continuous announcement scroller Plugin <= 13.0 is vulnerable to Cross Site Scripting (XSS)

Software Continuous announcement scroller Type Plugin Vulnerable versions = 13.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-46819 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 81d873d17d59 Credits Justiice...

WordPress Motors – Car Dealer & Classified Ads Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Motors – Car Dealer & Classified Ads Type Plugin Vulnerable versions = 1.4.4 Fixed in 1.4.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-38716 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 076e6b4c8854 Credit...

WordPress Table & Contact Form 7 Database – Tablesome Plugin < 1.0.9 is vulnerable to Cross Site Scripting (XSS)

Software Table & Contact Form 7 Database – Tablesome Type Plugin Vulnerable versions 1.0.9 Fixed in 1.0.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1890 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 33f0514f48a5...

WordPress vSlider Multi Image Slider for WordPress Plugin <= 4.1.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software vSlider Multi Image Slider for WordPress Type Plugin Vulnerable versions = 4.1.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-22672 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ebfb8daaae94...

WordPress ReviewX Plugin <= 1.6.12 is vulnerable to SQL Injection

Software ReviewX Type Plugin Vulnerable versions = 1.6.12 Fixed in 1.6.13 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-26325 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 2483e29b3913 Credits Joshua Martinelle Required privilege Subscriber...

WordPress Ebook Store Plugin <= 5.775 is vulnerable to Broken Authentication

Software Ebook Store Type Plugin Vulnerable versions = 5.775 Fixed in 5.78 OWASP Top 10 A5: Broken Access Control Classification Broken Authentication CVE CVE-2023-22701 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID eb6c903602b9 Credits yuyudhn Required privilege...

WordPress WP Links Page Plugin <= 4.9.3 is vulnerable to Cross Site Scripting (XSS)

Software WP Links Page Type Plugin Vulnerable versions = 4.9.3 Fixed in 4.9.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-22720 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5a20af666246 Credits István Márton Required...

WordPress Update Image Tag Alt Attribute Plugin <= 2.4.5 is vulnerable to Cross Site Scripting (XSS)

Software Update Image Tag Alt Attribute Type Plugin Vulnerable versions = 2.4.5 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-27455 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ba6000222dd7 Credits...

WordPress WP Docs Plugin <= 1.9.8 is vulnerable to Broken Access Control

Software WP Docs Type Plugin Vulnerable versions = 1.9.8 Fixed in 1.9.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-30873 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 3a97e9d9d358 Credits István Márton Required privilege...

WordPress Ninja Tables Plugin <= 4.3.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Ninja Tables Type Plugin Vulnerable versions = 4.3.4 Fixed in 4.3.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47136 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 90c8d61f957e Credits Muhammad Daffa Require...

WordPress Pearl Plugin <= 1.3.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Pearl Type Plugin Vulnerable versions = 1.3.4 Fixed in 1.3.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-38356 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 294baad52683 Credits István Márton Required...

WordPress File Gallery Plugin <= 1.8.5.3 is vulnerable to Cross Site Scripting (XSS)

Software File Gallery Type Plugin Vulnerable versions = 1.8.5.3 Fixed in 1.8.5.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23676 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d0eae18428aa Credits István Márton Required...

WordPress Shortcode IMDB Plugin <= 6.0.8 is vulnerable to SQL Injection

Software Shortcode IMDB Type Plugin Vulnerable versions = 6.0.8 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2022-47432 Patch priority Low CVSS severity Low 6.7 Developer Claim ownership PSID 90dd9be6ea07 Credits minhtuanact Required privilege Administrator Publish...

WordPress Google Analytics Top Content Widget Plugin <= 1.5.5 is vulnerable to Cross Site Scripting (XSS)

Software Google Analytics Top Content Widget Type Plugin Vulnerable versions = 1.5.5 Fixed in 1.5.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2015-10101 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 218b418ba3dd Credits...

WordPress The School Management – Education & Learning Management Plugin <= 4.1 is vulnerable to SQL Injection

Software The School Management – Education & Learning Management Type Plugin Vulnerable versions = 4.1 Fixed in 4.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2022-47430 Patch priority Low CVSS severity Low 6.7 Developer Claim ownership PSID 25a7149a9ecc Credits minhtuanact...

WordPress Email posts to subscribers Plugin <= 6.2 is vulnerable to SQL Injection

Software Email posts to subscribers Type Plugin Vulnerable versions = 6.2 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2022-46818 Patch priority High CVSS severity High 8.2 Developer Claim ownership PSID ac023e13840e Credits Le Ngoc Anh Required privilege...

WordPress Booking calendar, Appointment Booking System Plugin <= 3.2.7 is vulnerable to SQL Injection

Software Booking calendar, Appointment Booking System Type Plugin Vulnerable versions = 3.2.7 Fixed in 3.2.8 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2022-47428 Patch priority Low CVSS severity Low 6.7 Developer Claim ownership PSID be3286ef939c Credits thiennv Required...