5100 matches found

Patchstack
added 2023/04/07 12:00 a.m. | 18 views

WordPress Formidable Forms Plugin <= 6.1.2 is vulnerable to PHP Object Injection

Software: Formidable Forms; Type: Plugin; Vulnerable versions: <= 6.1.2; Fixed in: 6.2; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2023-1405; Patch priority: High; CVSS severity: High 9.8; PSID: e0f1ba3999f1; Credits: Nguyen Huu Do; Required privilege...

CVSS 7.5 | AI score 7.2 | EPSS 0.00702
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
added 2023/04/07 12:00 a.m. | 19 views

WordPress Spiffy Calendar Plugin <= 4.9.1 is vulnerable to SQL Injection

Software: Spiffy Calendar; Type: Plugin; Vulnerable versions: <= 4.9.1; Fixed in: 4.9.2; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2022-46859; Patch priority: High; CVSS severity: High 8.5; PSID: 127ff2924c25; Credits: Justiice; Required privilege: Subscriber; Publishe...

CVSS 9.8 | AI score 7.2 | EPSS 0.0055
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/04/07 12:00 a.m. | 20 views

WordPress WP Data Access Plugin <= 5.3.7 is vulnerable to Broken Access Control

Software: WP Data Access; Type: Plugin; Vulnerable versions: <= 5.3.7; Fixed in: 5.3.8; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-1874; Patch priority: High; CVSS severity: High 7.5; PSID: d34193572ac0; Credits: Chloe Chamberland; Required...

CVSS 8.8 | AI score 6.8 | EPSS 0.02726
Exploits: 3 | References: 3 | Affected Software: 1

ATTACKERKB
added 2023/04/06 3:15 p.m. | 4 views

CVE-2023-1912

The Limit Login Attempts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its lock logging feature in versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 7.2 | AI score 6.8 | EPSS 0.00789
Exploits: 3 | References: 5

Patchstack
added 2023/04/06 12:00 a.m. | 10 views

WordPress TheRoof Theme <= 1.0.3 is vulnerable to Cross Site Scripting (XSS)

Software: TheRoof; Type: Theme; Vulnerable versions: <= 1.0.3; Fixed in: 1.0.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-29430; Patch priority: High; CVSS severity: High 7.1; PSID: a30310c483cd; Credits: RE-ALTER; Required privilege...

CVSS 7.1 | AI score 5.9 | EPSS 0.00379
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2023/04/06 12:00 a.m. | 10 views

WordPress Transbank Webpay REST Plugin <= 1.6.6 is vulnerable to SQL Injection

Software: Transbank Webpay REST; Type: Plugin; Vulnerable versions: <= 1.6.6; Fixed in: 1.6.7; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-27610; Patch priority: Low; CVSS severity: Low 5.5; PSID: d271398a2afa; Credits: Mika; Required privilege: Administrator...

CVSS 7.2 | AI score 7.2 | EPSS 0.00695
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/04/06 12:00 a.m. | 10 views

WordPress WCFM Marketplace Plugin <= 3.4.11 is vulnerable to Broken Access Control

Software: WCFM Marketplace; Type: Plugin; Vulnerable versions: <= 3.4.11; Fixed in: 3.4.12; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2022-4935; Patch priority: High; CVSS severity: High 8.8; PSID: a8f99e67f24d; Credits: Chloe Chamberland; Require...

CVSS 8.8 | AI score 6.8 | EPSS 0.00723
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2023/04/06 12:00 a.m. | 12 views

WordPress WCFM Membership Plugin <= 2.10.0 is vulnerable to Broken Access Control

Software: WCFM Membership; Type: Plugin; Vulnerable versions: <= 2.10.0; Fixed in: 2.10.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2022-4940; Patch priority: High; CVSS severity: High 7.3; PSID: b80cebcdc2c4; Credits: Chloe Chamberland; Required...

CVSS 7.3 | AI score 6.5 | EPSS 0.01084
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2023/04/06 12:00 a.m. | 9 views

WordPress WCFM – Frontend Manager for WooCommerce Plugin 6.6.0 is vulnerable to Broken Access Control

Software: WCFM – Frontend Manager for WooCommerce; Type: Plugin; Vulnerable versions: 6.6.0; Fixed in: 6.6.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2022-4937; Patch priority: High; CVSS severity: High 6.3; PSID: 5a74a2e3561b; Credits: Chloe...

CVSS 8.8 | AI score 6.5 | EPSS 0.00643
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2023/04/06 12:00 a.m. | 8 views

WordPress Health Check & Troubleshooting Plugin <= 1.5.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Health Check & Troubleshooting; Type: Plugin; Vulnerable versions: <= 1.5.1; Fixed in: 1.6.0; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-47161; Patch priority: Low; CVSS severity: Low 4.3; PSID: 4168e86a07d1; Credits...

CVSS 8.8 | AI score 7 | EPSS 0.00271
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/04/06 12:00 a.m. | 8 views

WordPress Connections Business Directory Plugin <= 10.4.36 is vulnerable to Cross Site Scripting (XSS)

Software: Connections Business Directory; Type: Plugin; Vulnerable versions: <= 10.4.36; Fixed in: 10.4.37; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-29437; Patch priority: Low; CVSS severity: Low 6.5; PSID: 584ffff6397a; Credits...

CVSS 6.5 | AI score 6 | EPSS 0.00367
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/04/06 12:00 a.m. | 12 views

WordPress Fancy Product Designer Plugin <= 4.6.9 is vulnerable to Broken Access Control

Software: Fancy Product Designer; Type: Plugin; Vulnerable versions: <= 4.6.9; Fixed in: 4.7.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2021-4334; Patch priority: High; CVSS severity: High 8.8; PSID: 81f6208d4f4f; Credits: Ramuel Gall; Required...

CVSS 8.8 | AI score 6.8 | EPSS 0.00673
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/04/06 12:00 a.m. | 9 views

WordPress Fancy Product Designer Plugin <= 4.6.9 is vulnerable to Broken Access Control

Software: Fancy Product Designer; Type: Plugin; Vulnerable versions: <= 4.6.9; Fixed in: 4.7.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2021-4335; Patch priority: High; CVSS severity: High 6.3; PSID: b0afa15cabbe; Credits: Ramuel Gall; Required...

CVSS 6.3 | AI score 6.5 | EPSS 0.00401
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/04/06 12:00 a.m. | 10 views

WordPress WCFM Membership Plugin <= 2.10.0 is vulnerable to Privilege Escalation

Software: WCFM Membership; Type: Plugin; Vulnerable versions: <= 2.10.0; Fixed in: 2.10.1; OWASP Top 10: A5: Broken Access Control; Classification: Privilege Escalation; CVE: CVE-2022-4939; Patch priority: High; CVSS severity: High 9.8; PSID: d39bb3379dad; Credits: Chloe Chamberland; Required...

CVSS 9.8 | AI score 6.5 | EPSS 0.02099
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2023/04/06 12:00 a.m. | 10 views

WordPress WCFM Marketplace Plugin <= 3.4.12 is vulnerable to Cross Site Request Forgery (CSRF)

Software: WCFM Marketplace; Type: Plugin; Vulnerable versions: <= 3.4.12; Fixed in: 3.5.0; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-4936; Patch priority: Low; CVSS severity: Low 5.4; PSID: 13c6dc4f50f8; Credits: Chloe Chamberland...

CVSS 8.8 | AI score 7 | EPSS 0.00248
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2023/04/06 12:00 a.m. | 22 views

WordPress Weaver Xtreme Theme <= 5.0.7 is vulnerable to Cross Site Scripting (XSS)

Software: Weaver Xtreme; Type: Theme; Vulnerable versions: <= 5.0.7; Fixed in: 6.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-1403; Patch priority: Low; CVSS severity: Low 6.5; PSID: b31bb20a58fc; Credits: Ramuel Gall; Required privileg...

CVSS 6.4 | AI score 6 | EPSS 0.00531
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
added 2023/04/06 12:00 a.m. | 9 views

WordPress ShiftController Employee Shift Scheduling Plugin <= 4.9.23 is vulnerable to Cross Site Scripting (XSS)

Software: ShiftController Employee Shift Scheduling; Type: Plugin; Vulnerable versions: <= 4.9.23; Fixed in: 4.9.24; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-29424; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 21f298cb90...

CVSS 7.1 | AI score 5.9 | EPSS 0.00339
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/04/06 12:00 a.m. | 12 views

WordPress Amelia Plugin <= 1.0.75 is vulnerable to Cross Site Scripting (XSS)

Software: Amelia; Type: Plugin; Vulnerable versions: <= 1.0.75; Fixed in: 1.0.76; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-29427; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 5784c15e5a5a; Credits: minhtuanact; Required...

CVSS 7.1 | AI score 5.9 | EPSS 0.0041
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/04/06 12:00 a.m. | 15 views

WordPress The7 Theme <= 11.6.0 is vulnerable to Cross Site Scripting (XSS)

Software: The7; Type: Theme; Vulnerable versions: <= 11.6.0; Fixed in: 11.6.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-29100; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 24f83da1f799; Credits: Rafie Muhammad Patchstack...

CVSS 7.1 | AI score 5.9 | EPSS 0.00382
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2023/04/05 12:00 a.m. | 8 views

WordPress YourChannel: Everything you want in a YouTube Plugin <= 1.2.3 is vulnerable to Broken Access Control

Software: YourChannel: Everything you want in a YouTube; Type: Plugin; Vulnerable versions: <= 1.2.3; Fixed in: 1.2.4; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-1868; Patch priority: High; CVSS severity: High 6.5; PSID: b65addd676af; Credit...

CVSS 6.5 | AI score 6.5 | EPSS 0.00615
Exploits: 0 | References: 3 | Affected Software: 1