WordPress ShopEngine Plugin <= 4.1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software ShopEngine Type Plugin Vulnerable versions = 4.1.1 Fixed in 4.2.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-45371 Patch priority Low CVSS severity Low 5.4 Developer Wpmet PSID 491b80f78482 Credits Muhammad Daffa Required privilege...

WordPress File Gallery Plugin <= 1.8.5.3 is vulnerable to Cross Site Scripting (XSS)

Software File Gallery Type Plugin Vulnerable versions = 1.8.5.3 Fixed in 1.8.5.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23676 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d0eae18428aa Credits István Márton Required...

WordPress Stream Plugin <= 3.9.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Stream Type Plugin Vulnerable versions = 3.9.2 Fixed in 3.9.3 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-43490 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID deaa1ceaba9b Credits Lucio Sá Required privilege...

WordPress Button Builder – Buttons X Plugin <= 0.8.6 is vulnerable to Cross Site Scripting (XSS)

Software Button Builder – Buttons X Type Plugin Vulnerable versions = 0.8.6 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23867 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 97c89a33bd2e Credits István Márton...

WordPress Accordion & FAQ – Helpie WordPress Accordion FAQ Plugin Plugin <= 1.9.6 is vulnerable to Cross Site Scripting (XSS)

Software Accordion & FAQ – Helpie WordPress Accordion FAQ Plugin Type Plugin Vulnerable versions = 1.9.6 Fixed in 1.9.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID a01091ed9aa2...

WordPress BBSpoiler Plugin <= 2.01 is vulnerable to Cross Site Scripting (XSS)

Software BBSpoiler Type Plugin Vulnerable versions = 2.01 Fixed in 2.02 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23873 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4a837c2affda Credits István Márton Required privileg...

WordPress Smart WooCommerce Search Plugin <= 2.5.0 is vulnerable to Broken Access Control

Software Smart WooCommerce Search Type Plugin Vulnerable versions = 2.5.0 Fixed in 2.5.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-30783 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 62fafaa98313 Credits István Márton Requir...

WordPress Photo Gallery by 10Web Plugin < 1.8.3 is vulnerable to Cross Site Scripting (XSS)

Software Photo Gallery by 10Web Type Plugin Vulnerable versions 1.8.3 Fixed in 1.8.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4058 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ee71d42f5999 Credits Krzysztof Zając...

WordPress Themify Portfolio Post Plugin <= 1.2.4 is vulnerable to Cross Site Scripting (XSS)

Software Themify Portfolio Post Type Plugin Vulnerable versions = 1.2.4 Fixed in 1.2.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-32970 Patch priority Low CVSS severity Low 4.1 Developer Claim ownership PSID b8a82c2c105c Credits Muhammad Daffa...

WordPress YellowPencil Visual CSS Style Editor Plugin <= 7.5.8 is vulnerable to Cross Site Scripting (XSS)

Software YellowPencil Visual CSS Style Editor Type Plugin Vulnerable versions = 7.5.8 Fixed in 7.5.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-33961 Patch priority Low CVSS severity Low 4 Developer Claim ownership PSID 3f9f31524979 Credits...

WordPress Kaya QR Code Generator Plugin <= 1.5.2 is vulnerable to Cross Site Scripting (XSS)

Software Kaya QR Code Generator Type Plugin Vulnerable versions = 1.5.2 Fixed in 1.5.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-30784 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e6805ca51cf5 Credits Mika Required...

WordPress Thumbnail carousel slider Plugin <= 1.1.9 is vulnerable to Cross Site Scripting (XSS)

Software Thumbnail carousel slider Type Plugin Vulnerable versions = 1.1.9 Fixed in 1.1.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2120 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID b8405ab8f136 Credits Marco...

WordPress Photo Gallery by 10Web Plugin < 1.8.15 is vulnerable to Directory Traversal

Software Photo Gallery by 10Web Type Plugin Vulnerable versions 1.8.15 Fixed in 1.8.15 OWASP Top 10 A6: Security Misconfiguration Classification Directory Traversal CVE CVE-2023-1427 Patch priority Low CVSS severity Low 6.8 Developer Claim ownership PSID f915d3bc46f4 Credits Nguyen Huu Do Require...

WordPress Cloud Manager Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software Cloud Manager Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0421 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID e0814c8cc2bc Credits Shreya Pohekar Required...

WordPress Blocksy Companion Plugin < 1.8.82 is vulnerable to Sensitive Data Exposure

Software Blocksy Companion Type Plugin Vulnerable versions 1.8.82 Fixed in 1.8.82 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-1911 Patch priority Medium CVSS severity Medium 4.3 Developer Creative Themes PSID a9848e95cc61 Credits Erwan LR WPScan...

WordPress Vimeotheque Plugin <= 2.2.1 is vulnerable to Cross Site Scripting (XSS)

Software Vimeotheque Type Plugin Vulnerable versions = 2.2.1 Fixed in 2.2.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-30498 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 8e144c67d6a8 Credits Ivy TOOR, LISA Requir...

WordPress Limit Login Attempts Plugin <= 1.7.1 is vulnerable to Cross Site Scripting (XSS)

Software Limit Login Attempts Type Plugin Vulnerable versions = 1.7.1 Fixed in 1.7.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1861 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID fec01c1cd5c8 Credits Marc-Alexandre...

WordPress ZM Ajax Login & Register Plugin <= 2.0.2 is vulnerable to Broken Authentication

Software ZM Ajax Login & Register Type Plugin Vulnerable versions = 2.0.2 Fixed in N/A OWASP Top 10 A2: Broken Authentication Classification Broken Authentication CVE CVE-2023-2027 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID a7a84ea1c32d Credits Lana Codes Required...

WordPress Quiz And Survey Master Plugin <= 8.1.4 is vulnerable to SQL Injection

Software Quiz And Survey Master Type Plugin Vulnerable versions = 8.1.4 Fixed in 8.1.5 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-28787 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 34ea65c01c78 Credits Rafie Muhammad Patchstack Required...

WordPress Cyr to Lat Plugin <= 3.5 is vulnerable to SQL Injection

Software Cyr to Lat Type Plugin Vulnerable versions = 3.5 Fixed in 3.7 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2022-4290 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID e6c575e2011e Credits Ramuel Gall Required privilege Contributor Published 14...