5100 matches found
WordPress ShiftController Employee Shift Scheduling Plugin <= 4.9.25 is vulnerable to Cross Site Scripting (XSS)
Software: ShiftController Employee Shift Scheduling; Type: Plugin; Vulnerable versions: <= 4.9.25; Fixed in: 4.9.26; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-1978; Patch priority: High; CVSS severity: High 7.1; PSID: dde7717ec078...
WordPress MyCryptoCheckout Plugin < 2.124 is vulnerable to Cross Site Scripting (XSS)
Software: MyCryptoCheckout; Type: Plugin; Vulnerable versions: < 2.124; Fixed in: 2.124; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-1546; Patch priority: High; CVSS severity: High 7.1; PSID: b58e27663e61; Credits: Pablo Sanchez; Required...
WordPress AdFoxly – Ad Manager, AdSense Ads & Ads.txt Plugin <= 1.8.5 is vulnerable to Cross Site Scripting (XSS)
Software: AdFoxly – Ad Manager, AdSense Ads & Ads.txt; Type: Plugin; Vulnerable versions: <= 1.8.5; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-30754; Patch priority: High; CVSS severity: High 7.1; PSID: 18d5dd5b8583...
WordPress WP Reroute Email Plugin <= 1.4.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP Reroute Email; Type: Plugin; Vulnerable versions: <= 1.4.6; Fixed in: 1.4.8; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-27606; Patch priority: Low; CVSS severity: Low 5.4; PSID: 0d6c514b89f2; Credits: Mika; Required...
WordPress Forminator Plugin <= 1.22.1 is vulnerable to Broken Access Control
Software: Forminator; Type: Plugin; Vulnerable versions: <= 1.22.1; Fixed in: 1.23.3; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: N/A; Patch priority: Medium; CVSS severity: Medium 5.4; Developer: WPMU DEV; PSID: 38229dd9fbd0; Credits: Unknown; Required privilege: Subscriber...
WordPress Drag and Drop Multiple File Upload PRO Plugin < 5.0.6.4 is vulnerable to Cross Site Scripting (XSS)
Software: Drag and Drop Multiple File Upload PRO; Type: Plugin; Vulnerable versions: < 5.0.6.4; Fixed in: 5.0.6.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-1282; Patch priority: High; CVSS severity: High 7.1; PSID: 21c6dea8a7cd; Credi...
WordPress Slimstat Analytics Plugin < 4.9.4 is vulnerable to SQL Injection
Software: Slimstat Analytics; Type: Plugin; Vulnerable versions: < 4.9.4; Fixed in: 4.9.4; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: N/A; Patch priority: High; CVSS severity: High 8.5; PSID: 15c6f41fc9e5; Credits: PluginVulnerabilities; Required privilege: Subscriber...
WordPress SupportCandy Plugin < 3.1.5 is vulnerable to SQL Injection
Software: SupportCandy; Type: Plugin; Vulnerable versions: < 3.1.5; Fixed in: 3.1.5; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-1730; Patch priority: High; CVSS severity: High 9.3; PSID: 07f317999cc8; Credits: dc11; Required privilege: Unauthenticated; Published 13...
WordPress Betheme Theme <= 26.7.5 is vulnerable to Cross Site Scripting (XSS)
Software: Betheme; Type: Theme; Vulnerable versions: <= 26.7.5; Fixed in: 26.8; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-29101; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 2372bce26015; Credits: Rafie Muhammad Patchstack...
WordPress Pricing Tables For WPBakery Page Builder Plugin < 3.0 is vulnerable to Local File Inclusion
Software: Pricing Tables For WPBakery Page Builder; Type: Plugin; Vulnerable versions: < 3.0; Fixed in: 3.0; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2023-1274; Patch priority: High; CVSS severity: High 7.7; PSID: d6cfa024a462; Credits: Lana Codes; Required...
WordPress Download Manager Plugin 5.0.0-6.2.9 is vulnerable to Sensitive Data Exposure
Software: Download Manager; Type: Plugin; Vulnerable versions: 5.0.0-6.2.9; Fixed in: 6.3.0; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2023-1809; Patch priority: Low; CVSS severity: Low 5.3; PSID: 59ef71547191; Credits: Johan Kragt; Required...
WordPress Pricing Tables For WPBakery Page Builder Plugin < 3.0 is vulnerable to Cross Site Scripting (XSS)
Software: Pricing Tables For WPBakery Page Builder; Type: Plugin; Vulnerable versions: < 3.0; Fixed in: 3.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0367; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 3359d5d482fd; Credits...
WordPress FooGallery Plugin <= 2.2.35 is vulnerable to Cross Site Scripting (XSS)
Software: FooGallery; Type: Plugin; Vulnerable versions: <= 2.2.35; Fixed in: 2.2.41; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-29439; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 6955856030c5; Credits: LOURCODE; Required...
WordPress Newsletters Plugin <= 4.8.8 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Newsletters; Type: Plugin; Vulnerable versions: <= 4.8.8; Fixed in: 4.8.9; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-30478; Patch priority: Low; CVSS severity: Low 5.4; PSID: 753e64fb1d42; Credits: Rio Darmawan; Required...
WordPress Square Theme <= 2.0.0 is vulnerable to Broken Access Control
Software: Square; Type: Theme; Vulnerable versions: <= 2.0.0; Fixed in: 2.0.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-30486; Patch priority: Low; CVSS severity: Low 4.3; PSID: 6813b5262bc4; Credits: Dave Jong Patchstack; Required privilege...
WordPress Product Catalog Feed by PixelYourSite Plugin < 2.1.1 is vulnerable to Cross Site Scripting (XSS)
Software: Product Catalog Feed by PixelYourSite; Type: Plugin; Vulnerable versions: < 2.1.1; Fixed in: 2.1.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-1805; Patch priority: High; CVSS severity: High 7.1; PSID: e27f0a1e6a1c; Credits...
WordPress Blogger Buzz Theme <= 1.2.2 is vulnerable to Broken Access Control
Software: Blogger Buzz; Type: Theme; Vulnerable versions: <= 1.2.2; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-30476; Patch priority: Medium; CVSS severity: Medium 4.3; PSID: b1de090398f6; Credits: Dave Jong Patchstack; Required...
WordPress Waiting: One-click countdowns Plugin <= 0.6.2 is vulnerable to SQL Injection
Software: Waiting: One-click countdowns; Type: Plugin; Vulnerable versions: <= 0.6.2; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-28659; Patch priority: High; CVSS severity: High 8.5; PSID: bd389c037bcc; Credits: Joshua Martinelle Tenable Research...
WordPress Steveas WP Live Chat Shoutbox Plugin <= 1.4.2 is vulnerable to SQL Injection
Software: Steveas WP Live Chat Shoutbox; Type: Plugin; Vulnerable versions: <= 1.4.2; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-1020; Patch priority: High; CVSS severity: High 9.3; PSID: 176c8169feb6; Credits: Simone Onofri Donato Onofri; Required...
WordPress Random Text Plugin <= 0.3.0 is vulnerable to SQL Injection
Software: Random Text; Type: Plugin; Vulnerable versions: <= 0.3.0; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-0388; Patch priority: High; CVSS severity: High 8.5; PSID: a97bfdc5fe90; Credits: Lana Codes; Required privilege: Subscriber; Published 12...