WordPress Ajax Search Pro Plugin < 4.26.2 is vulnerable to Cross Site Scripting (XSS)

Software Ajax Search Pro Type Plugin Vulnerable versions 4.26.2 Fixed in 4.26.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1435 Patch priority High CVSS severity High 6.1 Developer Claim ownership PSID 019181a32a8a Credits Erwan LR Required...

WordPress Add User Role Plugin < 1.6.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software Add User Role Type Plugin Vulnerable versions 1.6.7 Fixed in 1.6.7 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-0820 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 7eb1f185c259 Credits dc11 Required privilege...

WordPress MasterStudy LMS Plugin <= 2.9.34 is vulnerable to Broken Access Control

Software MasterStudy LMS Type Plugin Vulnerable versions = 2.9.34 Fixed in 2.9.35 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 3b63e4d1bbd6 Credits Unknown Required privilege...

WordPress PropertyHive Plugin <= 1.5.46 is vulnerable to Cross Site Scripting (XSS)

Software PropertyHive Type Plugin Vulnerable versions = 1.5.46 Fixed in 1.5.47 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-29172 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1f09421dbd25 Credits minhtuanact Requir...

WordPress Welcome Bar Plugin <= 2.0.3 is vulnerable to Broken Access Control

Software Welcome Bar Type Plugin Vulnerable versions = 2.0.3 Fixed in 2.0.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 1616e8eeba7b Credits WordFence Required privilege Subscribe...

WordPress Product Enquiry for WooCommerce Plugin <= 2.2.12 is vulnerable to Cross Site Scripting (XSS)

Software Product Enquiry for WooCommerce Type Plugin Vulnerable versions = 2.2.12 Fixed in 2.2.13 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-29170 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID b43cae5ebb34 Credits Myung...

CVE-2022-4899

A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun...

WordPress Easy Quiz Maker Plugin <= 1.5 is vulnerable to Cross Site Scripting (XSS)

Software Easy Quiz Maker Type Plugin Vulnerable versions = 1.5 Fixed in 2.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 43ad93965d09 Credits Unknown Required privilege...

WordPress Coupon Affiliates Plugin <= 5.4.3 is vulnerable to Cross Site Scripting (XSS)

Software Coupon Affiliates Type Plugin Vulnerable versions = 5.4.3 Fixed in 5.4.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-28992 Patch priority Medium CVSS severity Medium 7.1 Developer RelyWP PSID 3cc060340a7c Credits thiennv Required privile...

WordPress Conditional extra fees for woocommerce Plugin <= 1.0.96 is vulnerable to Cross Site Scripting (XSS)

Software Conditional extra fees for woocommerce Type Plugin Vulnerable versions = 1.0.96 Fixed in 1.0.97 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-29093 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 14551fbb2b7d Credit...

WordPress Slimstat Analytics Plugin <= 4.9.3.3 is vulnerable to SQL Injection

Software Slimstat Analytics Type Plugin Vulnerable versions = 4.9.3.3 Fixed in 4.9.3.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE N/A Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID b97867ef3e8b Credits Unknown Required privilege Subscriber Published 31...

WordPress Gift Vouchers Plugin <= 4.3.2 is vulnerable to SQL Injection

Software Gift Vouchers Type Plugin Vulnerable versions = 4.3.2 Fixed in 4.3.3 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-28662 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 00c7c58f5f8a Credits Joshua Martinelle Required privilege...

WordPress Zippy Plugin <= 1.6.1 is vulnerable to Sensitive Data Exposure

Software Zippy Type Plugin Vulnerable versions = 1.6.1 Fixed in 1.6.2 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-26533 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 652b24a2c5be Credits Junsu Yeo Required privilege...

WordPress Really Simple Google Tag Manager Plugin <= 1.0.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software Really Simple Google Tag Manager Type Plugin Vulnerable versions = 1.0.6 Fixed in 1.0.7 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-23801 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0e8a9934df4f Credits...

WordPress Viral Mag Theme <= 1.0.9 is vulnerable to Broken Authentication

Software Viral Mag Type Theme Vulnerable versions = 1.0.9 Fixed in 1.1.0 OWASP Top 10 A2: Broken Authentication Classification Broken Authentication CVE CVE-2023-28990 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID b28f73fc2c08 Credits Dave Jong Patchstack Required...

WordPress TF Random Numbers Plugin < 2.0.1 is vulnerable to Broken Access Control

Software TF Random Numbers Type Plugin Vulnerable versions 2.0.1 Fixed in 2.0.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0889 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 611153a666ff Credits dc11 Required privilege...

WordPress WP Meta SEO Plugin < 4.5.5 is vulnerable to Deserialization of untrusted data

Software WP Meta SEO Type Plugin Vulnerable versions 4.5.5 Fixed in 4.5.5 OWASP Top 10 A1: Injection Classification Deserialization of untrusted data CVE CVE-2023-1381 Patch priority Medium CVSS severity Medium 6.6 Developer Claim ownership PSID 9880ffba76ab Credits Alex Sanford Required privileg...

WordPress Newsletter Plugin <= 7.6.8 is vulnerable to Cross Site Scripting (XSS)

Software Newsletter Type Plugin Vulnerable versions = 7.6.8 Fixed in 7.6.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 78a41f715fc6 Credits Unknown Required privilege...

WordPress HappyFiles Pro Plugin <= 1.8.1 is vulnerable to Broken Access Control

Software HappyFiles Pro Type Plugin Vulnerable versions = 1.8.1 Fixed in 1.8.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-25445 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 518a5cea4b57 Credits Dave Jong Patchstack...

WordPress HappyFiles Pro Plugin <= 1.8.1 is vulnerable to Arbitrary File Deletion

Software HappyFiles Pro Type Plugin Vulnerable versions = 1.8.1 Fixed in 1.8.2 OWASP Top 10 A5: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2023-25446 Patch priority High CVSS severity High 7.7 Developer Claim ownership PSID 9c01f634cec4 Credits Dave Jong Patchstack...