5093 matches found
WordPress Cookie Notice & Compliance for GDPR / CCPA Plugin <= 2.4.6 is vulnerable to Cross Site Scripting (XSS)
Software: Cookie Notice & Compliance for GDPR / CCPA; Type: Plugin; Vulnerable versions: <= 2.4.6; Fixed in: 2.4.7; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-24400; Patch priority: Low; CVSS severity: Low (6.5); PSID: 8398d2893fb7...
WordPress Real Estate 7 Theme <= 3.3.4 is vulnerable to Cross Site Scripting (XSS)
Software: Real Estate 7; Type: Theme; Vulnerable versions: <= 3.3.4; Fixed in: 3.3.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: N/A; Patch priority: High; CVSS severity: High (7.1); PSID: af68aef80259; Credits: RE-ALTER; Required privilege...
WordPress WP SMS Plugin <= 6.0.4 is vulnerable to Sensitive Data Exposure
Software: WP SMS; Type: Plugin; Vulnerable versions: <= 6.0.4; Fixed in: 6.0.4.1; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2023-27447; Patch priority: Medium; CVSS severity: Medium (5.3); PSID: d5718eb41b4b; Credits: Jarko Piironen; Required...
WordPress Dokan Plugin <= 3.7.12 is vulnerable to SQL Injection
Software: Dokan; Type: Plugin; Vulnerable versions: <= 3.7.12; Fixed in: 3.7.13; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-26525; Patch priority: Low; CVSS severity: Low (7.1); PSID: 3c9e33e0d441; Credits: Rafie Muhammad Patchstack; Required privilege: Vendor...
WordPress DeepL Pro API translation Plugin <= 2.1.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: DeepL Pro API translation; Type: Plugin; Vulnerable versions: <= 2.1.4; Fixed in: 2.1.5; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-27446; Patch priority: Low; CVSS severity: Low (4.3); PSID: 6431a2bd8a82; Credits: Mika...
WordPress Button Generator – easily Button Builder Plugin <= 2.3.3 is vulnerable to Cross Site Scripting (XSS)
Software: Button Generator – easily Button Builder; Type: Plugin; Vulnerable versions: <= 2.3.3; Fixed in: 2.3.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-27452; Patch priority: Low; CVSS severity: Low (5.9); PSID: 5f62ad483358; Credit...
WordPress JCH Optimize Plugin <= 3.2.2 is vulnerable to Cross Site Scripting (XSS)
Software: JCH Optimize; Type: Plugin; Vulnerable versions: <= 3.2.2; Fixed in: 3.2.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-25491; Patch priority: Low; CVSS severity: Low (5.9); PSID: 0051eec0a90c; Credits: Rio Darmawan; Required...
WordPress ProfileGrid Plugin < 5.3.1 is vulnerable to Broken Access Control
Software: ProfileGrid; Type: Plugin; Vulnerable versions: < 5.3.1; Fixed in: 5.3.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-0940; Patch priority: High; CVSS severity: High (7.1); PSID: 0809f414e629; Credits: dc11; Required privilege: Subscriber...
WordPress OAuth Server Plugin < 4.3.0 is vulnerable to Broken Access Control
Software: OAuth Server; Type: Plugin; Vulnerable versions: < 4.3.0; Fixed in: 4.3.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2022-4148; Patch priority: Medium; CVSS severity: Medium (5.4); PSID: 20d9eb3b6ea8; Credits: Lana Codes; Required privilege...
WordPress WC Sales Notification Plugin < 1.2.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WC Sales Notification; Type: Plugin; Vulnerable versions: < 1.2.3; Fixed in: 1.2.3; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-1087; Patch priority: Low; CVSS severity: Low (4.3); PSID: 359b32e62cb7; Credits: WPScan; Required...
WordPress WP Plugin Manager Plugin < 1.1.8 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP Plugin Manager; Type: Plugin; Vulnerable versions: < 1.1.8; Fixed in: 1.1.8; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-1088; Patch priority: Low; CVSS severity: Low (4.3); PSID: d16b9d1e38fc; Credits: WPScan; Required...
WordPress Paid Memberships Pro Plugin <= 2.9.11 is vulnerable to SQL Injection
Software: Paid Memberships Pro; Type: Plugin; Vulnerable versions: <= 2.9.11; Fixed in: 2.9.12; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-0631; Patch priority: High; CVSS severity: High (7.7); PSID: c680ed84c0a0; Credits: Marc Montpas; Required privilege: Subscribe...
WordPress Slimstat Analytics Plugin <= 4.9.3.2 is vulnerable to SQL Injection
Software: Slimstat Analytics; Type: Plugin; Vulnerable versions: <= 4.9.3.2; Fixed in: 4.9.3.3; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-0630; Patch priority: High; CVSS severity: High (7.7); PSID: 4253ca9a6d2d; Credits: Marc Montpas; Required privilege: Subscribe...
WordPress Correos Oficial Plugin <= 1.3.0.0 is vulnerable to Arbitrary File Download
Software: Correos Oficial; Type: Plugin; Vulnerable versions: <= 1.3.0.0; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Arbitrary File Download; CVE: CVE-2023-0331; Patch priority: Low; CVSS severity: Low (8.6); PSID: 8d6ba27c44e0; Credits: Andrea Iodice; Required...
WordPress Debug Assistant Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Debug Assistant; Type: Plugin; Vulnerable versions: <= 1.4; Fixed in: 1.5; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-26516; Patch priority: Low; CVSS severity: Low (8.8); PSID: 29fe448c29d4; Credits: Prasanna V Balaji...
WordPress GigPress Plugin <= 2.3.28 is vulnerable to SQL Injection
Software: GigPress; Type: Plugin; Vulnerable versions: <= 2.3.28; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-0381; Patch priority: High; CVSS severity: High (7.1); PSID: 621aa3005525; Credits: Erwan LR WPScan; Required privilege: Subscriber; Published ...
WordPress GS Insever Portfolio Plugin < 1.4.5 is vulnerable to Cross Site Scripting (XSS)
Software: GS Insever Portfolio; Type: Plugin; Vulnerable versions: < 1.4.5; Fixed in: 1.4.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0539; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: fa5f4f60b861; Credits: Lana Codes...
WordPress Quiz And Survey Master Plugin <= 8.0.10 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Quiz And Survey Master; Type: Plugin; Vulnerable versions: <= 8.0.10; Fixed in: 8.1.0; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-26524; Patch priority: Low; CVSS severity: Low (4.3); PSID: c4b1a4af0da2; Credits: Rio Darmawa...
WordPress WP Repost Plugin <= 0.1 is vulnerable to Broken Access Control
Software: WP Repost; Type: Plugin; Vulnerable versions: <= 0.1; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-26522; Patch priority: High; CVSS severity: High (6.5); PSID: c4bf9e1aa104; Credits: Prasanna V Balaji; Required privilege...
WordPress Pie Register Plugin < 3.8.1.3 is vulnerable to Arbitrary Content Deletion
Software: Pie Register; Type: Plugin; Vulnerable versions: < 3.8.1.3; Fixed in: 3.8.1.3; OWASP Top 10: A1: Injection; Classification: Arbitrary Content Deletion; CVE: CVE-2022-4024; Patch priority: High; CVSS severity: High (8.2); PSID: 837f46e8cf1c; Credits: cydave; Required privilege...