WordPress Shortcodes Ultimate Plugin < 5.12.8 is vulnerable to Sensitive Data Exposure

Software Shortcodes Ultimate Type Plugin Vulnerable versions 5.12.8 Fixed in 5.12.8 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-0911 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 466e8901614e Credits Erwan LR WPScan Requir...

WordPress Smart Slider 3 Plugin < 3.5.1.14 is vulnerable to Cross Site Scripting (XSS)

Software Smart Slider 3 Type Plugin Vulnerable versions 3.5.1.14 Fixed in 3.5.1.14 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0660 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 008134aaa2eb Credits Erwan LR WPScan...

WordPress HT Slider For Elementor Plugin < 1.4.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software HT Slider For Elementor Type Plugin Vulnerable versions 1.4.0 Fixed in 1.4.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-0495 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID fea57db2be31 Credits Lana Codes...

WordPress HT Portfolio Plugin <= 1.1.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software HT Portfolio Type Plugin Vulnerable versions = 1.1.5 Fixed in 1.1.6 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-0497 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3421d1e706d1 Credits Lana Codes Required...

WordPress DecaLog Plugin <= 3.7.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software DecaLog Type Plugin Vulnerable versions = 3.7.0 Fixed in 3.7.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-27444 Patch priority Low CVSS severity Low 4.3 Developer PerfOps One PSID 721ad967e10d Credits Mika Required privilege...

WordPress Namaste! LMS Plugin < 2.6 is vulnerable to Cross Site Scripting (XSS)

Software Namaste! LMS Type Plugin Vulnerable versions 2.6 Fixed in 2.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0844 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 5f40301e0581 Credits Alex Sanford Required privilege...

WordPress Resume Builder Plugin <= 3.1.1 is vulnerable to Cross Site Scripting (XSS)

Software Resume Builder Type Plugin Vulnerable versions = 3.1.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0078 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 20cd873c2df4 Credits Lana Codes Required...

WordPress Resize at Upload Plus Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software Resize at Upload Plus Type Plugin Vulnerable versions = 1.3 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25467 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID cded0be39625 Credits Mika Required...

WordPress Leyka Plugin <= 3.29.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Leyka Type Plugin Vulnerable versions = 3.29.2 Fixed in 3.30 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-27442 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID dc5061a06f06 Credits yuyudhn Required privilege...

WordPress Download Attachments Plugin <= 1.2.24 is vulnerable to Cross Site Scripting (XSS)

Software Download Attachments Type Plugin Vulnerable versions = 1.2.24 Fixed in 1.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0076 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID d4020e1c310d Credits Lana Codes...

WordPress Total Poll Lite Plugin <= 4.8.6 is vulnerable to Broken Access Control

Software Total Poll Lite Type Plugin Vulnerable versions = 4.8.6 Fixed in 4.8.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-27449 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 02f4127c29b8 Credits Mika Required privilege...

WordPress Admin CSS MU Plugin <= 2.6 is vulnerable to Server Side Request Forgery (SSRF)

Software Admin CSS MU Type Plugin Vulnerable versions = 2.6 Fixed in 2.7 OWASP Top 10 A1: Injection Classification Server Side Request Forgery SSRF CVE CVE-2022-40700 Patch priority Low CVSS severity Low 8.2 Developer Claim ownership PSID f8576e8732f6 Credits Dave Jong Patchstack Required privile...

WordPress UpQode Google Maps Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS)

Software UpQode Google Maps Type Plugin Vulnerable versions = 1.0.5 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0094 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 983dbcd3ed03 Credits Lana Codes Requir...

WordPress Metform Elementor Contact Form Builder Plugin <= 3.2.1 is vulnerable to Bypass Vulnerability

Software Metform Elementor Contact Form Builder Type Plugin Vulnerable versions = 3.2.1 Fixed in 3.2.2 OWASP Top 10 A5: Broken Access Control Classification Bypass Vulnerability CVE CVE-2023-0085 Patch priority Low CVSS severity Low 5.3 Developer Wpmet PSID 9ebffbb7ebd5 Credits Mohammed El Amin...

WordPress Advanced Recent Posts Plugin <= 0.6.14 is vulnerable to Cross Site Scripting (XSS)

Software Advanced Recent Posts Type Plugin Vulnerable versions = 0.6.14 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0212 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 40ae855e2918 Credits Lana Codes...

WordPress Manage Upload Limit Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)

Software Manage Upload Limit Type Plugin Vulnerable versions = 1.0.4 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-27432 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 123b5c238ef2 Credits Mahesh Nagabhairava...

WordPress Synved Shortcodes Plugin <= 1.6.36 is vulnerable to Cross Site Scripting (XSS)

Software Synved Shortcodes Type Plugin Vulnerable versions = 1.6.36 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0063 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 97249fb0c45f Credits Lana Codes Requir...

WordPress Elegant Custom Fonts Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Elegant Custom Fonts Type Plugin Vulnerable versions = 1.0 Fixed in 1.0.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-27436 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID e6a5548377b4 Credits Rio Darmawan...

WordPress WP Clean Up Plugin <= 1.2.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP Clean Up Type Plugin Vulnerable versions = 1.2.3 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25034 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c033b3177583 Credits Abdi Pranata Required...

WordPress Real Estate 7 Theme <= 3.3.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Real Estate 7 Type Theme Vulnerable versions = 3.3.4 Fixed in 3.3.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 17be44a53b30 Credits RE-ALTER Required privilege...