WordPress Video Central Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)

Software Video Central Type Plugin Vulnerable versions = 1.3.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0418 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 6114cbd9fcb5 Credits Lana Codes Required...

WordPress Meta Slider Plugin <= 3.29.0 is vulnerable to Cross Site Scripting (XSS)

Software Meta Slider Type Plugin Vulnerable versions = 3.29.0 Fixed in 3.29.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1473 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID da45ef75e742 Credits Erwan LR WPScan Required...

WordPress PowerPress Podcasting Plugin <= 10.0 is vulnerable to Cross Site Scripting (XSS)

Software PowerPress Podcasting Type Plugin Vulnerable versions = 10.0 Fixed in 10.0.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1917 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 2e844f252ce9 Credits Alex Thomas...

WordPress WordPress Meta Data and Taxonomies Filter (MDTF) Plugin < 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Software WordPress Meta Data and Taxonomies Filter MDTF Type Plugin Vulnerable versions 1.3.1 Fixed in 1.3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-28664 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 65753b42e2e6...

WordPress Zyrex Popup Plugin <= 1.0 is vulnerable to Arbitrary File Upload

Software Zyrex Popup Type Plugin Vulnerable versions = 1.0 Fixed in 1.1 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-0924 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID 902b3bcce78c Credits Yogesh Verma Required privilege Administrator...

WordPress Steveas WP Live Chat Shoutbox Plugin <= 1.4.2 is vulnerable to Cross Site Scripting (XSS)

Software Steveas WP Live Chat Shoutbox Type Plugin Vulnerable versions = 1.4.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0899 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 96c9d942cc37 Credits Simone...

WordPress MS-Reviews Plugin <= 1.5 is vulnerable to Cross Site Scripting (XSS)

Software MS-Reviews Type Plugin Vulnerable versions = 1.5 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0424 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 3c9df93ac5de Credits Rio Darmawan Required privilege...

WordPress WP FEvents Book Plugin <= 0.46 is vulnerable to Cross Site Scripting (XSS)

Software WP FEvents Book Type Plugin Vulnerable versions = 0.46 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1126 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 345ebf3e10d0 Credits Ameen Alkurdy Required...

WordPress Gallery Plugin < 4.7.0 is vulnerable to SQL Injection

Software Gallery Type Plugin Vulnerable versions 4.7.0 Fixed in 4.7.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0765 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 85ca584ad7e5 Credits dc11 Required privilege Author Published 12 April, 2023...

CVE-2023-1972

A potential heap based buffer overflow was found in bfdelfslurpversiontables in bfd/elf.c. This may lead to loss of availability...

WordPress Simple Giveaways Plugin < 2.45.1 is vulnerable to Cross Site Scripting (XSS)

Software Simple Giveaways Type Plugin Vulnerable versions 2.45.1 Fixed in 2.45.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1120 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 3822ab339f6d Credits ipatelsumit Required...

WordPress FluentForm Plugin < 4.3.25 is vulnerable to Cross Site Scripting (XSS)

Software FluentForm Type Plugin Vulnerable versions 4.3.25 Fixed in 4.3.25 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0546 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 479c93086620 Credits Vaibhav Rajput Required...

WordPress WP Tiles Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS)

Software WP Tiles Type Plugin Vulnerable versions = 1.1.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4827 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 7153516c9060 Credits Lana Codes Required privile...

WordPress Klaviyo Plugin <= 3.0.10 is vulnerable to Cross Site Scripting (XSS)

Software Klaviyo Type Plugin Vulnerable versions = 3.0.10 Fixed in 3.0.11 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0874 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 9cbb77409b1f Credits Rafshanzani Suhada Required...

WordPress Simple Giveaways Plugin < 2.45.1 is vulnerable to Cross Site Scripting (XSS)

Software Simple Giveaways Type Plugin Vulnerable versions 2.45.1 Fixed in 2.45.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1122 Patch priority Medium CVSS severity Medium 5.9 Developer Claim ownership PSID 8adf4cd8d10f Credits Varun Required...

WordPress Hummingbird Plugin < 3.4.2 is vulnerable to Path Traversal

Software Hummingbird Type Plugin Vulnerable versions 3.4.2 Fixed in 3.4.2 OWASP Top 10 A3: Sensitive Data Exposure Classification Path Traversal CVE CVE-2023-1478 Patch priority High CVSS severity High 8.6 Developer WPMU DEV PSID 237afa7a6db1 Credits Karol Mazurek AFINE Required privilege...

WordPress Auto Rename Media On Upload Plugin < 1.1.0 is vulnerable to Cross Site Scripting (XSS)

Software Auto Rename Media On Upload Type Plugin Vulnerable versions 1.1.0 Fixed in 1.1.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0605 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID b9ec2d39296e Credits caoyebo Requir...

WordPress Stylish Cost Calculator Premium Plugin < 7.9.0 is vulnerable to Cross Site Scripting (XSS)

Software Stylish Cost Calculator Premium Type Plugin Vulnerable versions 7.9.0 Fixed in 7.9.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0983 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 344803b43355 Credits Flaviu...

WordPress Simple Job Board Plugin <= 2.10.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software Simple Job Board Type Plugin Vulnerable versions = 2.10.3 Fixed in 2.10.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-29440 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1d3f08dd8ec9 Credits Rafshanzani Suha...

WordPress PixTypes Plugin <= 1.4.14 is vulnerable to Cross Site Request Forgery (CSRF)

Software PixTypes Type Plugin Vulnerable versions = 1.4.14 Fixed in 1.4.15 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25487 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 6b12ffe8a620 Credits Mika Required privilege...